Support Questions

kums · ‎12-20-2016

Our current environment is working with SSH authentication and there is a push to use Kerberos.

Could someone explain what are the flaws with SSH authentication and what are the use cases for Kerberos Implementation

clukasik · ‎12-20-2016

One key benefit is that passwords or keys are sent across the network as infrequently as possible with Kerberos. With SSH either passwords are being transmitted or you are persisting files with secret keys, both of which have concerns for security. This article does a great job comparing and contrasting SSH and Kerberos: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm

"When a user identifies herself to the Kerberos system, the identifying program (kinit) uses her password for an exchange with the KDC, then immediately erases it, never having sent it over the network in any form nor stored it on disk."

View solution in original post

clukasik · ‎12-20-2016

One key benefit is that passwords or keys are sent across the network as infrequently as possible with Kerberos. With SSH either passwords are being transmitted or you are persisting files with secret keys, both of which have concerns for security. This article does a great job comparing and contrasting SSH and Kerberos: http://docstore.mik.ua/orelly/networking_2ndEd/ssh/ch11_04.htm

"When a user identifies herself to the Kerberos system, the identifying program (kinit) uses her password for an exchange with the KDC, then immediately erases it, never having sent it over the network in any form nor stored it on disk."

Cloudera Community

Support Questions

Use case for Implementing Kerberos