Unix security additions
John F Carr
jfc at athena.mit.edu
Tue Mar 12 06:33:47 AEST 1991
>Why does UNIX still trust the network (ethernet in most cases)
>it is attached to?
It depends what version you are running. At MIT/Athena we haven't trusted
the network for passwords or authentication since 1987. We use the Kerberos
authentication system. At login time, a server sends you a packet encrypted
in a key based on your password. By decrypting this, you prove your
identity without sending your password over the net. For more information
ftp athena-dist.mit.edu and look in ~ftp/pub/kerberos.
The Berkeley test release ("4.3 reno") includes Kerberos, as does Ultrix
(DEC is also working on a network security system based on public key
encryption). OSF security will be based on Kerberos.
>When will internet packets start being encrypted?
Versions of rlogin and telnet exist that support encrypted connections.
--
John Carr (jfc at athena.mit.edu)
More information about the Comp.unix.internals
mailing list