Path: utzoo!utgpu!watserv1!watmath!att!linac!pacific.mps.ohio-state.edu!zaphod.mps.ohio-state.edu!wuarchive!uunet!bywater!arnor!news From: Galina Newsgroups: comp.protocols.kerberos Subject: Re: srvtab on client machines Message-ID: <1991Mar1.223111.15521@arnor.uucp> Date: 1 Mar 91 22:31:11 GMT Sender: news@arnor.uucp (NNTP News Poster) Organization: IBM T.J. Watson Research Center Lines: 62 > > > > > > Date: Wed, 27 Feb 91 15:20:02 EST > > From: "Galina Kofman" > > > > So, how does Athena distribute srvtab files? > > > We send the files over encrypted somehow. There are many ways to do > this, but here's one: This assumes that you have a version of rlogin > which supports DES encryption of the data stream. You would then be > able to use a program to encrypt the srvtab file (it would be OK to type > the password over the net, since you would be logged into the Kerberos > server over an encrypted channel). You could then FTP the encrypted > srvtab file to the destination machine, walk over to the destination > machine, and decrypt the srvtab file while being logged in directly to > the desintation machine. The reason why you wouldn't be able to get an > encrypted rlogin channel to the destination machine is that this > requires a srvtab, and the destination machine wouldn't have one yet. > > - Ted > Sorry for the previous append. Ted, do you mean that each user has to come do the database administrator and send srvtab file to her/his machine? Or does database administraotr has to come to each user's machine to decrypt srvtab? Thank you. Galina.. POST Newsgroups: comp.protocols.kerberos Subject: Re: srvtab on client machines From: Galina > > > > > > Date: Wed, 27 Feb 91 15:20:02 EST > > From: "Galina Kofman" > > > > So, how does Athena distribute srvtab files? > > > We send the files over encrypted somehow. There are many ways to do > this, but here's one: This assumes that you have a version of rlogin > which supports DES encryption of the data stream. You would then be > able to use a program to encrypt the srvtab file (it would be OK to type > the password over the net, since you would be logged into the Kerberos > server over an encrypted channel). You could then FTP the encrypted > srvtab file to the destination machine, walk over to the destination > machine, and decrypt the srvtab file while being logged in directly to > the desintation machine. The reason why you wouldn't be able to get an > encrypted rlogin channel to the destination machine is that this > requires a srvtab, and the destination machine wouldn't have one yet. > > - Ted > Sorry for the previous append. Ted, do you mean that each user has to come do the database administrator and send srvtab file to her/his machine? Or does database administraotr has to come to each user's machine to decrypt srvtab? Thank you. Galina.