From owner-freebsd-security  Thu Sep 28 08:26:16 1995
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id IAA17431
          for security-outgoing; Thu, 28 Sep 1995 08:26:16 -0700
Received: from who.cdrom.com (who.cdrom.com [192.216.222.3])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id IAA17416
          for <security@FreeBSD.org>; Thu, 28 Sep 1995 08:26:12 -0700
Received: from sequent.kiae.su (sequent.kiae.su [144.206.136.6])
          by who.cdrom.com (8.6.12/8.6.11) with SMTP id IAA28143
          for <security@FreeBSD.org>; Thu, 28 Sep 1995 08:25:31 -0700
Received: by sequent.kiae.su id AA12789
  (5.65.kiae-2 ); Thu, 28 Sep 1995 19:09:32 +0400
Received: by sequent.KIAE.su (UUMAIL/2.0); Thu, 28 Sep 95 19:09:31 +0300
Received: (from ache@localhost) by ache.dialup.demos.ru (8.6.11/8.6.9) id SAA00540; Thu, 28 Sep 1995 18:07:16 +0300
To: "Garrett A. Wollman" <wollman@lcs.mit.edu>
Cc: Mark Murray <mark@grondar.za>, security@FreeBSD.org
References: <199509280622.IAA16335@grumble.grondar.za>
    <YiWIbQmGJ1@ache.dialup.demos.ru>
    <9509281427.AA17677@halloran-eldar.lcs.mit.edu>
In-Reply-To: <9509281427.AA17677@halloran-eldar.lcs.mit.edu>;
    from "Garrett A. Wollman" at Thu, 28 Sep 1995 10:27:23 -0400
Message-Id: <VhZehQmOX2@ache.dialup.demos.ru>
Organization: Olahm Ha-Yetzirah
Date: Thu, 28 Sep 1995 18:07:15 +0300 (MSK)
X-Mailer: Mail/@ [v2.40 FreeBSD]
From: =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?=
    (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su>
X-Class: Fast
Subject: Re: Troubles with telnet encryption enabling.
Lines: 24
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Length: 1019
Sender: owner-security@FreeBSD.org
Precedence: bulk

In message <9509281427.AA17677@halloran-eldar.lcs.mit.edu> Garrett A.
    Wollman writes:

><<On Thu, 28 Sep 1995 10:54:08 +0300 (MSK), =?KOI8-R?Q?=E1=CE=C4=D2=C5=CA_=FE=C5=D2=CE=CF=D7?= (aka Andrey A. Chernov, Black Mage) <ache@astral.msk.su> said:

>> No, encryption is separated from kerberos there, they must go
>> independently (see "encrypt" command inside telnet too).
>> It looks like client send encryption requests
>> and daemon receive and parse them, but does nothing...

>In what key do you expect to get your data encrypted?

>That's why an authentication mechanism is required: it's what provides
>the shared secret session key.

Oops. Thanx, I was under impression that keys can be exchanged
somehow else...


-- 
Andrey A. Chernov        : And I rest so composedly,  /Now, in my bed,
ache@astral.msk.su       : That any beholder  /Might fancy me dead -
FidoNet: 2:5020/230.3    : Might start at beholding me,  /Thinking me dead.
RELCOM Team,FreeBSD Team :         E.A.Poe         From "For Annie" 1849