From owner-freebsd-current Sat Feb 10 17:48:43 1996 Return-Path: owner-current Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id RAA27837 for current-outgoing; Sat, 10 Feb 1996 17:48:43 -0800 (PST) Received: from rover.village.org (rover.village.org [204.144.255.49]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA27831 Sat, 10 Feb 1996 17:48:38 -0800 (PST) Received: from localhost (localhost [127.0.0.1]) by rover.village.org (8.6.11/8.6.6) with SMTP id SAA02467; Sat, 10 Feb 1996 18:48:17 -0700 Message-Id: <199602110148.SAA02467@rover.village.org> To: Ollivier Robert Subject: Re: Kerberos @ freebsd.org? Cc: mark@grondar.za, dima@FreeBSD.org, ache@astral.msk.su, current@FreeBSD.org In-reply-to: Your message of Sun, 11 Feb 1996 01:21:59 +0100 Date: Sat, 10 Feb 1996 18:48:17 -0700 From: Warner Losh Sender: owner-current@FreeBSD.org Precedence: bulk : The problem I have with Kerberos is that it does not -- to my knowledge -- : encrypt everything from a telnet session. So trafic from any X11 program : you start on the other side will not be encrypted. Kerberos encrypts *EVERYTHING* from a telnet session (at least an rlogin session). However, you are correct that there is no X proxie that participates in the encryption. : SSH does it _automatically_. When you think about it, if you were looking : for a reason to use it over Kerberos, you just got it. For those things that SSH does, yes. There is an X server proxies that offers encryption. That is a good feature of ssh. The X protocol isn't secure at all... I've not played with the ssh X server proxie at this time. However, ssh won't encrypt things like NFS traffic, mud traffic, etc. So there are some limitations to its realms. For example, there is no ssh enryption for FTP sessions at this time, while there is for Kerberos. So there is a balance there. Warner