kerberized tcpserver - Kerberos


Thread: kerberized tcpserver

  1. kerberized tcpserver


    Is there a kerberized tcpserver or inetd program out there? What I'd
    like to do is kerberize an rsync file transfer session without having to
    go through ssh. It also seems like having such a program would be
    useful to kerberize any services that are already written with inetd or
    tcpserver in mind...

    Any ideas?

    Thanks,
    Wes

    ________________________________________________
    Kerberos mailing list Kerberos@mit.edu
    https://mailman.mit.edu/mailman/listinfo/kerberos


  2. Re: kerberized tcpserver



    On Friday, October 13, 2006 05:05:37 PM -0400 Wesley Chow wrote:

    >
    > Is there a kerberized tcpserver or inetd program out there? What I'd
    > like to do is kerberize an rsync file transfer session without having to
    > go through ssh. It also seems like having such a program would be
    > useful to kerberize any services that are already written with inetd or
    > tcpserver in mind...


    Kerberos only provides authentication and a shared secret. To properly
    "kerberize" an application protocol, it has to protect its commands and
    data from tampering by actually _doing_ something with that secret. There
    are a number of tools out there, including ssh, remctl, and a variety of
    TLS-based tools, which provide applications with an integrity-protected,
    encrypted data channel and which can use Kerberos authentication. In most
    cases, these require running the application in a particular way, which is
    generally _not_ the same as what inetd does (accept a connection and pass
    the TCP socket to the application).

    -- Jeffrey T. Hutzelman (N3NHS)
    Sr. Research Systems Programmer
    School of Computer Science - Research Computing Facility
    Carnegie Mellon University - Pittsburgh, PA
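
The point made in the reply above, shown as an added Python example that is not part of the original thread: once authentication has produced a shared secret, each message carries a sequence number and an HMAC keyed from that secret, so altered, replayed or reflected data is refused. The random key stands in for the Kerberos session key, and the frame layout and all class and function names are assumptions for illustration; this covers integrity only, whereas the tools named above also encrypt.

```python
import hashlib, hmac, os, struct

HDR_LEN, TAG_LEN = 12, 32  # 8-byte sequence + 4-byte length; HMAC-SHA256 tag
class IntegrityError(Exception):
    """A frame was altered, replayed, reordered or reflected."""

class ProtectedStream:
    """One direction of a connection, keyed from the shared session secret."""
    def __init__(self, session_key, direction):
        # Per-direction key, so a frame cannot be reflected back to its sender.
        self.key = hmac.new(session_key, b"mac|" + direction, hashlib.sha256).digest()
        self.seq = 0

    def seal(self, payload):
        header = struct.pack("!QI", self.seq, len(payload))
        self.seq += 1
        return header + payload + self._tag(header + payload)

    def open(self, frame):
        if len(frame) < HDR_LEN + TAG_LEN:
            raise IntegrityError("short frame")
        header, payload, tag = frame[:HDR_LEN], frame[HDR_LEN:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(header + payload)):
            raise IntegrityError("MAC mismatch")
        seq, length = struct.unpack("!QI", header)
        if seq != self.seq or length != len(payload):
            raise IntegrityError("replayed or reordered frame")
        self.seq += 1
        return payload

    def _tag(self, data):
        return hmac.new(self.key, data, hashlib.sha256).digest()

def rejected(stream, frame):
    try:
        stream.open(frame)
    except IntegrityError:
        return True
    return False

def demo():
    key = os.urandom(32)  # constructed stand-in for the Kerberos session key
    tx, rx = ProtectedStream(key, b"c2s"), ProtectedStream(key, b"c2s")
    frame = tx.seal(b"send /srv/data/report.txt")  # constructed sample command
    altered = frame[:HDR_LEN] + b"send /srv/data/secret.txt" + frame[-TAG_LEN:]
    return {"altered_rejected": rejected(rx, altered),
            "delivered": rx.open(frame),
            "replay_rejected": rejected(rx, frame),
            "reflected_rejected": rejected(ProtectedStream(key, b"s2c"), frame)}
```

A plain inetd-style handoff has no place for this step: the spawned program reads and writes the raw socket, so nothing checks the bytes after the initial authentication.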



  3. Re: kerberized tcpserver




    Jeffrey Hutzelman wrote:
    >
    >
    > Kerberos only provides authentication and a shared secret. To properly
    > "kerberize" an application protocol, it has to protect its commands and
    > data from tampering by actually _doing_ something with that secret.
    > There are a number of tools out there, including ssh, remctl, and a
    > variety of TLS-based tools, which provide applications with an
    > integrity-protected, encrypted data channel and which can use Kerberos
    > authentication. In most cases, these require running the application in
    > a particular way, which is generally _not_ the same as what inetd does
    > (accept a connection and pass the TCP socket to the application).



    Ah, right, this wouldn't work, since anything connecting to a
    "kerberized inetd" would have to know how to authenticate against the
    inetd anyway.


    Thanks,
    Wes


