Subject: Re: rfc2228 in ftpd
To: Jason R Thorpe <thorpej@wasabisystems.com>
From: Roland Dowdeswell <elric@imrryr.org>
List: tech-security
Date: 06/27/2002 03:01:32
On 1024988773 seconds since the Beginning of the UNIX epoch
Jason R Thorpe wrote:
>
>On Tue, Jun 25, 2002 at 02:48:27AM -0400, Roland Dowdeswell wrote:
>
> > Doesn't krb5 do mutual auth already? Why bother with host keys at
> > all?
>
>Right. But it's not clear that the *SSH* protocol supports that very
>well.

Well, sure, but the mutual auth aspects do work. I just ran the
experiment with two machines, say host/foo.mydom.com and
host/bar.mydom.com, which have the same host key. The Kerberos
authentication fails if I try to connect to the wrong one, even
though the RSA host key verification worked.

== Roland Dowdeswell http://www.Imrryr.ORG/~elric/ ==
== The Unofficial NetBSD Web Pages http://www.Imrryr.ORG/NetBSD/ ==
== The NetBSD Project http://www.NetBSD.ORG/ ==