Subject: Re: rfc2228 in ftpd
To: Jason R Thorpe <>
From: Roland Dowdeswell <>
List: tech-security
Date: 06/27/2002 03:01:32
On 1024988773 seconds since the Beginning of the UNIX epoch
Jason R Thorpe wrote:
>On Tue, Jun 25, 2002 at 02:48:27AM -0400, Roland Dowdeswell wrote:
> > Doesn't krb5 do mutual auth already?  Why bother with host keys at
> > all?
>Right.  But it's not clear that the *SSH* protocol supports that very

Well, sure, but the mutual auth aspects do work.  I just ran the
experiment with two machines, say host/ and
host/ which have the same host key.  The Kerberos
authentication fails if I try to connect to the wrong one, even
though the RSA host key verification worked.

 == Roland Dowdeswell                      http://www.Imrryr.ORG/~elric/  ==
 == The Unofficial NetBSD Web Pages        http://www.Imrryr.ORG/NetBSD/  ==
 == The NetBSD Project                            http://www.NetBSD.ORG/  ==