Introduction to the Kerberos Products and GSS-API

Secure Internet Services

Secure Internet Services

If you want to authenticate users on remote systems without sending the password in clear text over the network, you can use the built-in support that HP provides for the following secure Internet services applications:

ftp

rcp

rlogin

telnet

remsh

In Figure 2-3, SIS invokes the libsis.sl library. When SIS is enabled at the application client, the password is not sent to the application server. Instead, SIS uses an encrypted ticket each time the user requests a remote service.

Figure 2-3 SIS uses Kerberos Client Library Directly

KDC

Server

5

2

libsis.sl

libsis.sl

1

4

3

Application

6

 

Application

Client

 

Server

 

 

 

As shown in Figure 2-2:

1.The application client requests for credentials from the KDC

2.The application client obtains credentials for the remote host (the application server)

52

Chapter 2