Connecting to Remote Machines over the Network:
When do you need an encrypted connection?
To comply with policy, you strictly need an encrypted network connection only when you type your Kerberos password. To further comply with policy, you should type your Kerberos password over the network EXTREMELY RARELY, if at all! With a valid Kerberos ticket, a Kerberized login never asks for the password.
How do you verify that your connection is encrypted?
Connecting from Kerberized UNIX/Linux Desktops
SSH
Verify that your ssh client configuration enables encryption (older clients could be configured with the "none" cipher). If it does not, force a cipher with the -c flag:
% ssh -c 3des <host>
3des is the cipher named in this document; current ssh clients negotiate stronger ciphers by default, so only override with -c when your configuration actually needs it.
Other Kerberized Connection Program (e.g., telnet)
Your connection is encrypted if you are connected via one of the Kerberized programs with the "encryption on" flag set. The program generally reports this when the connection is established.
Check the [appdefaults] section of your /etc/krb5.conf file and look for encrypt = true under the program you're using (a program-specific block overrides a section-wide setting).
If encryption is not on by default, use the encryption flag, e.g.:
% rsh -x <host>
% telnet -x <host>
Refer to Chapter 13: Network Programs Available on Kerberized Machines for command syntax.
If you're not sure, then assume that the connection is not safe, log out, and use one of the above methods to log in again.
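The krb5.conf check above can be scripted. The following is an added example, not Fermilab's code: it parses the [appdefaults] section of an MIT-style krb5.conf (nested "program = { ... }" blocks included) and applies the precedence the Kerberos library uses for its appdefault lookups, program-specific relation first, then the section-wide value, and off when neither is set. Realm-scoped subsections are not modeled. The embedded config is constructed for the example; run it against your own /etc/krb5.conf by reading the file into the text argument.

```python
"""Report whether a Kerberized program has encryption on in krb5.conf.

Added example, not part of the original page. Assumes an MIT-style
krb5.conf; realm-scoped appdefaults subsections are ignored.
"""
import re

# Constructed sample config for the example, not a real site file.
SAMPLE_KRB5_CONF = """\
[libdefaults]
    default_realm = EXAMPLE.ORG
    forwardable = true

[appdefaults]
    encrypt = false
    telnet = {
        forward = true
        encrypt = true
    }
    rsh = {
        encrypt = true
    }
    rlogin = {
        forward = true
    }

[realms]
    EXAMPLE.ORG = {
        kdc = kerberos.example.org
    }
"""

# Spellings the Kerberos library accepts for a true boolean relation.
TRUE_WORDS = {"true", "yes", "on", "1", "t", "y"}


def parse_sections(text):
    """Return {section: {tag: value_or_dict}} for krb5.conf-style text.

    A 'tag = {' line opens a nested dict that is closed by '}'.
    Comments (# or ;) and blank lines are skipped.
    """
    sections = {}
    stack = []  # dicts currently being filled; stack[-1] is innermost
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"\[([^\]]+)\]", line)
        if m:
            if len(stack) > 1:
                raise ValueError("unterminated subsection before [%s]" % m.group(1))
            stack = [sections.setdefault(m.group(1), {})]
            continue
        if not stack:
            raise ValueError("relation outside any section: %r" % raw)
        if line == "}":
            if len(stack) < 2:
                raise ValueError("unbalanced '}' in krb5.conf")
            stack.pop()
            continue
        m = re.fullmatch(r"([^=\s]+)\s*=\s*\{", line)
        if m:
            stack.append(stack[-1].setdefault(m.group(1), {}))
            continue
        m = re.fullmatch(r"([^=\s]+)\s*=\s*(.*)", line)
        if m:
            stack[-1][m.group(1)] = m.group(2).strip()
            continue
        raise ValueError("cannot parse line: %r" % raw)
    if len(stack) > 1:
        raise ValueError("unterminated subsection at end of file")
    return sections


def encryption_enabled(text, program):
    """True if [appdefaults] turns encryption on for `program`.

    Lookup order: program = { encrypt = ... }, then a section-wide
    encrypt = ...; with neither present the library default is off.
    """
    app = parse_sections(text).get("appdefaults", {})
    block = app.get(program)
    if isinstance(block, dict) and isinstance(block.get("encrypt"), str):
        return block["encrypt"].lower() in TRUE_WORDS
    if isinstance(app.get("encrypt"), str):
        return app["encrypt"].lower() in TRUE_WORDS
    return False


if __name__ == "__main__":
    for prog in ("telnet", "rsh", "rlogin", "ftp"):
        on = encryption_enabled(SAMPLE_KRB5_CONF, prog)
        print("%-7s %s" % (prog, "encrypted by default" if on else "NOT encrypted: use -x"))
```

With the sample above, telnet and rsh come out encrypted, while rlogin (block present but no encrypt relation) and ftp (no block at all) fall back to the section-wide encrypt = false and need the -x flag.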
Connecting from non-Kerberized UNIX/Linux Desktops using CRYPTOCard
CRYPTOCard ssh or slogin Session
Verify that your ssh client configuration enables encryption. If it does not, force a cipher with the -c flag:
% ssh [-c 3des] <host>
CRYPTOCard telnet Session
CRYPTOCard telnet connections are unencrypted, so it is not safe to type your Kerberos password over one.
CRYPTOCard ftp Session
CRYPTOCard ftp connections are unencrypted, so it is not safe to type your Kerberos password over one.
Connecting from a New Internet Computer (NIC)
Using the Fermilab configuration and the ssh client provided, your connection is encrypted.
Connecting from an X Terminal
The connection from an X terminal to a host is never encrypted, so it's not safe to issue your Kerberos password from an X terminal, no matter how secure the connections are beyond that point.
Look into replacing your X terminal with a NIC box. See http://www-oss.fnal.gov/csi/ and click on ThinkNIC (under Support Links) for information.