On Aug 20, 2007, at 10:19, Steven Miller wrote: > Can anyone tell me, if using the kerberos ftp client and gssftp, > without having generated yourself a ticket using kinit, does your > password get set clear text?
If you're responding to a password prompt in ftp because it had no Kerberos credentials with which to authenticate you, yes, it's sending that password in the clear. > Also when using ftp with a ticket, i get two tickets from the host > i ftp to. One from > > ftp/foo.bar.com > > and one from > > host/foo.bar.com > > I created both host/foo.bar.com and ftp/foo.bar.com, is it normal > behavior to get both tickets? If ftp/foo exists, ftp should use just that one. However, if authentication fails for some reason, I think it may fall back to trying host/foo. (It's supposed to use ftp/foo if that principal exists, and host/foo only if ftp/foo doesn't exist, but the error information passed back isn't detailed enough.) If you've used ssh or rlogin to the host as well as ftp, that would also explain your having both credentials. Ken ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
