Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!apple!snorkelwacker.mit.edu!shelby!ATHENA.MIT.EDU!tytso
From: tytso@ATHENA.MIT.EDU (Theodore Ts'o)
Newsgroups: comp.protocols.kerberos
Subject: Re: srvtab on client machines
Message-ID: <9103010325.AA00946@tsx-11.MIT.EDU>
Date: 1 Mar 91 03:25:38 GMT
References: <9102272023.AA27538@ATHENA.MIT.EDU>
Sender: news@shelby.stanford.edu (USENET News System)
Reply-To: tytso@ATHENA.MIT.EDU
Organization: Internet-USENET Gateway at Stanford University
Lines: 19


   Date: Wed, 27 Feb 91 15:20:02 EST
   From: "Galina Kofman" <GALINA@IBM.COM>

   So, how does Athena distribute srvtab files?

We send the files over encrypted somehow.  There are many ways to do
this, but here's one: This assumes that you have a version of rlogin
which supports DES encryption of the data stream.  You would then be
able to use a program to encrypt the srvtab file (it would be OK to type
the password over the net, since you would be logged into the Kerberos
server over an encrypted channel).  You could then FTP the encrypted
srvtab file to the destination machine, walk over to the destination
machine, and decrypt the srvtab file while being logged in directly to
the desintation machine.  The reason why you wouldn't be able to get an
encrypted rlogin channel to the destination machine is that this
requires a srvtab, and the destination machine wouldn't have one yet.

						- Ted