Date: Wed, 24 Mar 1999 11:51:25 -0800
From: Mike Thompson <miket@dnai.com>
To: freebsd-security@freebsd.org
Subject: Kerberos vs SSH
Message-ID: <4.1.19990324113601.0097aeb0@mail.dnai.com>
We are configuring a series of web servers running FreeBSD 2.2.8 for a new Internet service. To implement our service we need to provide a mechanism for secure communication between the servers using an rsh-like facility. One method of doing this would be to run SSH on each server for encrypted/authenticated communication. However, the downsides of this are that there wouldn't be a central administration facility for managing authentication information (unless we create one), ssh has a relatively high CPU overhead to encrypt all communications and we would like to avoid paying the substantial license fees for SSH across a large number of servers.

An alternative would be to run an rsh in combination with a Kerberos server to centrally administer authentication information between each server. Communication between the servers would take place behind a router to prevent interception of the unencoded packets. We would also use IPFW to restrict communication with rsh as further protection against hacking.

Does anyone here have an opinion as to whether rsh and Kerberos can be used in this manner for efficient and secure communication between web servers running a distributed application? Ideally, we want to keep the cost per server as low as possible with regards to licensing fees, but we also don't want to compromise on security.

Thanks,

Mike Thompson

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.1.19990324113601.0097aeb0>