On 14 Aug 99, at 5:43, Nick Sayer wrote:
> Dave Walton wrote:
> >
> > If you really want to work on an encrypted telnet, check out The
> > Stanford SRP Authentication Project (http://srp.stanford.edu/srp/).
> > I'd love to see SRP integrated into the FreeBSD telnet/telnetd.
>
> Again, the problem is that there is administrative overhead - a separate
> password database is required.

Yes, there is /etc/tpasswd to deal with. I guess what I should have
said is that I'd love to see SRP integrated into FreeBSD (as PAM,
perhaps?). Properly done, the various system utilities would keep
passwd, master.passwd and tpasswd in sync, and SRP
authentication/encryption would be available to telnet, ftp, or
anything else.

(Disclaimer: Authentication and PAM are way outside of anything I
know anything about, so I really have no idea what it would take to
make that work.)

> Keep in mind, also, that as long as AUTHTYPE_SRP and
> AUTHTYPE_SRA are different numbers, both could be present. I
> would even concede that SRP should be tried before SRA. But I'd
> sure as hell rather use SRA than nothing.

Ok, Nick implements SRA for folks in heterogeneous NIS
environments, and Kris implements SRP for those of us without
that restriction. How's that for a non-cryptographic compromise? :)

Unfortunately, this whole discussion ignores one ugly problem:
client availability. I've never heard of SRA before, and the only non-
Unix SRP telnet client I'm aware of is a hacked version of TeraTerm
and only supports authentication, not encryption. Without good
clients on certain unnamed widespread OS's, most people will
continue to use plaintext due to a complete lack of choice.

Dave
----------------------------------------------------------------------
Dave Walton
Webmaster, Postmaster Nordic Entertainment Worldwide
[EMAIL PROTECTED] http://www.nordicdms.com
----------------------------------------------------------------------