Path: utzoo!news-server.csri.toronto.edu!rutgers!mit-eddie!bloom-beacon!bloom-picayune.mit.edu!athena.mit.edu!jfc
From: jfc@athena.mit.edu (John F Carr)
Newsgroups: comp.unix.internals
Subject: Re: Unix security additions
Message-ID: <1991Mar11.203347.1076@athena.mit.edu>
Date: 11 Mar 91 20:33:47 GMT
References: <39950@cup.portal.com> <1819@svin02.info.win.tue.nl>
Sender: news@athena.mit.edu (News system)
Organization: Massachusetts Institute of Technology
Lines: 21

>Why does UNIX still trust the network (ethernet in most cases)
>it is attached to?

It depends what version you are running. At MIT/Athena we haven't
trusted the network for passwords or authentication since 1987. We use
the Kerberos authentication system. At login time, a server sends you a
packet encrypted in a key based on your password. By decrypting this,
you prove your identity without sending your password over the net. For
more information ftp athena-dist.mit.edu and look in ~ftp/pub/kerberos.

The Berkeley test release ("4.3 reno") includes Kerberos, as does Ultrix
(DEC is also working on a network security system based on public key
encryption). OSF security will be based on Kerberos.

>When will internet packets start being encrypted?

Versions of rlogin and telnet exist that support encrypted connections.

--
John Carr (jfc@athena.mit.edu)
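
Added example, not part of the original post and not Kerberos source code: a sketch of the login exchange described above, in which the server seals a fresh session key under a key derived from the user's password and the client recovers it only by typing the right password. The principal name, the password, the function names and the PBKDF2/HMAC construction are assumptions standing in for the real Kerberos string-to-key and cipher.

```python
import hashlib, hmac, os

def string_to_key(password: str, principal: str) -> bytes:
    # Stand-in for the Kerberos string-to-key step (assumption: PBKDF2,
    # salted with the principal name), computed the same way on both sides.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), principal.encode(), 100_000)

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher built from HMAC-SHA256 in counter mode (illustrative only).
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Encrypt-then-MAC: nonce || ciphertext || tag.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes):
    # Returns the plaintext, or None when the key (i.e. the password) is wrong.
    if len(blob) < 48:
        return None
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

# Constructed sample account: the server stores the derived key, not the password.
USER_KEYS = {"alice@EXAMPLE": string_to_key("correct horse", "alice@EXAMPLE")}

def server_reply(principal: str):
    # Server side: pick a session key and send it sealed under the user's key.
    session_key = os.urandom(16)
    return session_key, seal(USER_KEYS[principal], session_key)

def client_login(principal: str, typed_password: str, reply: bytes):
    # Client side: the password never leaves the workstation; it only unlocks the reply.
    return unseal(string_to_key(typed_password, principal), reply)
```

Only the sealed reply crosses the network, but anyone who records it can test password guesses against it offline, so the exchange is no stronger than the password itself.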