Hi,
>>"Joel" == Joel Klecker <[EMAIL PROTECTED]> writes:
Joel> -----BEGIN PGP SIGNED MESSAGE-----
Joel> Regarding "Re: are md5sums mandatory for all packages?" of 10:31
Joel> AM -0800 1997-12-19, Scott Ellis wrote:
>> And the instant someone provides us with free software equivilant
>> to ssh or pgp, we'll move to use it.
Joel> Kerberos is free software and it is more than equivalent to
Joel> ssh. It also has the advantage of being a standards track
Joel> protocol (RFC 1510). Personally, were there a `kerberos' package
Joel> for Debian, I'd ditch ssh in an instant.
Are you sure they are equivalent? I use kerberos based
security on a daily basis, and there does not seem to be any
way of authenticating people whose secret is not in the kerberos
secret databse. In other words, kerberos is a private key mechanism;
ssh is based on a public key mechanism.
I do not need to be entered into any central database to ssh
to my ISP, master.debian.org, or anything (I just need initial access
by other means to set up initial key mechanisms, and I can use ssh.
Kerberos, or DCE security (which is [IMHO] a beefed up K5
mechanism), are a whole different kettle of fish.
(I'm not saying we couldn't use K5 for debian, I would like to
point out that the two are far from equivalent)
manoj
--
"If you want to eat hippopatomus, you've got to pay the freight."
attributed to an IBM guy, about why IBM software uses so much memory
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.datasync.com/%7Esrivasta/>
Key C7261095 fingerprint = CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
