Re: ISMS working group and charter problems

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Thursday, September 08, 2005 11:15:08 PM +0200 Juergen Schoenwaelder <j.schoenwaelder@xxxxxxxxxxxx> wrote:

On Thu, Sep 08, 2005 at 04:40:55PM -0400, Sam Hartman wrote:

Authentication is sometimes symmetric; it is not in the case of
passwords.  For authentication methods like public key or GSS, it is
reasonably symmetric.

The networking boxes I have access to all use password authentication
because they like to stick the password into RADIUS/TACACS...

I am not sure what "reasonably symmetric" means. Who authenticates
whom and in which way if the server establishes a connection to the
client with public key or GSS?

SSH servers don't establish connections to SSH clients.
An SSH server is authenticated as part of key exchange.
An SSH client is authenticated as part of user authentication.

In some cases, the same kinds of credentials can be used in either direction. For example, an RSA key pair can be used either to authenticate a host (as a host key) or to authenticate a user (via the publickey userauth method). Similarly, if the Kerberos GSSAPI mechanism is used, the same Kerberos principal can be used in either a client or a server role, provided the Kerberos infrastructure is configured to allow such usage for that principal.

-- Jeffrey T. Hutzelman (N3NHS) <jhutz+@xxxxxxx>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA


_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]