Subject: Re: ssh - are you nuts?!?
To: Tracy J. Di Marco White <gendalia@iastate.edu>
From: Jason R Thorpe <thorpej@zembu.com>
List: tech-security
Date: 12/17/2000 10:40:09
On Sun, Dec 17, 2000 at 12:29:05PM -0600, Tracy J. Di Marco White wrote:
> As a system administrator, I consider RSA-based authentication not so much
> of a plus. I manage systems with up to 45K users, and we mandate decent
> passwords. Using RSA passphrase authentication allows people to circumvent
> our password rules, and in fact allows them to choose to have no passphrase
> at all. We use Kerberos, and Kerberos-encrypted telnet offers some moderate
> amount of encryption.

You could certainly disable RSA-based authentication.

But having RSA-based authentication for the host is definitely better than
no authentication... but, yes, I'd much rather see a "Kerberos for everything"
option available for SSH.

The biggest problem for large deployments of SSH is public key harvesting
and distribution. Kerberos would solve that.

--
-- Jason R. Thorpe <thorpej@zembu.com>