Yes, clearly SSL, SSH or something similar must be used to encrypt the
communication, so the interesting question is whether there are other
issues.
Arne
Torbjorn Pettersson wrote:
>
> Arne Nordmark <[EMAIL PROTECTED]> writes:
>
> > Hello,
> >
> > In the description for libpam-heimdal it says: "This module should only
> > be used for local logins unless you really know what you are doing". On
> > the other hand it is quite tempting to use it for IMAP servers etc, so
> > what are the issues? Is it that it is easy to make mistakes in
> > configuration, or that it is possible to spoof with a fake KDC, or that
> > the code is not considered well audited, or something else?
> >
> > Arne
>
> I'm not sure if they are referring to additional problems but
> the obvious one, but the obvious one would be using an
> unencrypted protocol to authenticate to pam with.....
>
> //Tobbe
> --
> ######################################################################
> Torbjörn Pettersson # Email [EMAIL PROTECTED]
> Vattugatan 5 # Web www.strul.nu/~tobbe
> S-111 52 Stockholm, Sweden #
> ######################################################################
--
Arne Nordmark Tel: +46 8 - 790 71 92
KTH/Mekanik Fax: +46 8 - 723 04 75
SE-100 44 STOCKHOLM Internet: [EMAIL PROTECTED]
Sweden