NEWS YOU CAN USE FROM VANDYKE SOFTWARE
Do you manage a large network, work in an environment that has implemented Kerberos, or want to move toward single sign-on? In this issue, find out how Kerberos authentication via GSSAPI can provide secure logon access and the ability to centrally manage user authentication. Also read about how one SecureCRT® user has come up with some inventive uses for the chat window.
The beta 9 releases of VShell™ server for Windows® 2.2 and VShell server for UNIX® 2.2 are now available. Also available are new maintenance releases for SecureFX® 2.1.6 and Entunnel™ 1.0.6.
1. Feature - Simplifying Authentication with Kerberos via GSSAPI
Don't miss our soon to be published white paper on Access Control. You'll get an overview of existing techniques for controlling access and a look at how to fine-tune your control over user and group access privileges with new features in our VShell Secure Shell server for Windows and UNIX.
Learn how you can provide shell access, SFTP file transfer, and port
forwarding for TCP/IP application data with the granular control your
security policies demand. With VShell
While you're there, take a look at the new VShell server 2.2 which is now available for Red Hat Linux, Sun Solaris, and FreeBSD as well as Windows. Versions for IBM AIX, HP-UX, and Mac OS X are currently under development.
Learn more about VShell server 2.2 for Windows and UNIX:
______________________________ SIGN UP TODAY! ________________________________
If you are managing a large network, work in an environment that has
implemented Kerberos, or are moving toward single sign-on, combining Secure
Shell (SSH2™) with Kerberos authentication can give you both secure
logon access and the ability to centrally manage user authentication.
Single sign-on, or reduced sign-on, is one benefit of using Kerberos. You type in your credentials once, and then any application that uses Kerberos can be authenticated. Users who authenticate with their Kerberos credentials can forward their credentials to a remote machine over Secure Shell. This "single sign-on" provided by Kerberos reduces the motivation for users to create their own single sign-on (of sorts) by storing their passwords in clear text configuration files.
Combining Kerberos and Secure Shell also avoids problems associated with
maintaining "known_host" files, which are used in Secure Shell
to authenticate the server to the client.
Kerberos eliminates the need for a user to distribute their public keys
to all machines to which they want to connect - a big advantage for network
administrators. With public-key authentication, when an individual leaves
the company, or you need to change keys, all the keys must be deleted
VShell 2.2 is the first Secure Shell server to include built-in support for Kerberos via GSSAPI. Patches are available to add GSSAPI support to open source Secure Shell implementations, but they must be downloaded and recompiled with changes to the Secure Shell server or the patch.
Read more about Kerberos support in VShell 2.2 at:
SecureCRT 4.0 supports Kerberos through the GSSAPI standard, but this
feature has not been available in the user interface. In the upcoming
releases of both SecureCRT 4.1 and SecureFX 2.2,
Kerberos v5 is available from MIT as well as many commercial vendors and is built into Microsoft Windows 2000 and Windows 2003 servers. To learn more about Kerberos, you can visit the following web sites:
To read the IETF draft for GSSAPI key exchange in Secure Shell, go to:
Microsoft Knowledge Base Article 248758 contains useful information including links to related IETF drafts and RFCs as well as three white papers that you might be interested in reading:
Want a free t-shirt? Report a bug in our new VShell Secure Shell server for UNIX and we'll send you a t-shirt. Or win a free server license! VShell for UNIX has many cool features including ACLs, triggers, and Kerberos support via GSSAPI. Report a significant bug in one these areas and you'll get a free t-shirt and one free server license.
For more details on how to participate in our bug hunt contest, go to:
This offer has expired.
________________________ REPORT A BUG - WIN A T-SHIRT ! _________________________
This issue's tip was submitted by a SecureCRT user who has found some innovative uses for the SecureCRT chat window. This customer has even saved on his cell phone bill!
Here are some of the ways this customer is using the chat window:
Read more about how to use the chat window to save time and get rid of some hassles at:
If we use your tip, we'll send you a VanDyke t-shirt and an Amazon.com gift certificate!
SecureCRT 4.0 was recently reviewed in the Computerworld Security Log User Review (July 7, 2003).
The review mentions the Public Key Assistant and session management features new in SecureCRT 4.0.
Read the review at:
If you're using an older version of SecureCRT, see the new capabilities you get in SecureCRT 4.0 at:
When Agfa-Gevaert corporate headquarters in Mortsel, Belgium, needed to provide secure system administration of critical business systems, they wanted a solution with both a simple user interface and a high level of functionality and customization.
Tim Groenwals, Global Security Technology Manager for Agfa-Gevaert Global Information and Communication Services, investigated various shell access and file transfer solutions. "We went with SecureCRT and SecureFX," said Groenwals. "They give us all the functionalities we require - and a lot more. We like that the products are highly customizable. They've got a nice GUI, lots of features. It's a good package."
Read more about how Agfa system administrators use SecureCRT and SecureFX for secure remote access and secure file transfer at:
The beta 9 releases of VShell Server 2.2 for Windows and UNIX are now available. VShell Server for UNIX 2.2 (beta 9) introduces support for FreeBSD. VShell Server 2.2 increases your choices for enterprise-wide authentication methods by introducing support for Kerberos v5 authentication via GSSAPI. VShell 2.2 provides you with more options to fine-tune your server and environment and limit access to sensitive areas.
To find out more about VShell Server 2.2, visit:
New maintenance releases are available for SecureFX 2.1.6 and Entunnel 1.0.6.
You can download new releases at:
For quick access to previous official releases, go to:
Here are our latest official product releases:
VShell Server for Windows 2.1.5
To download any of our current releases, go to:
Let us know what you think about this issue. Was the tip useful? Did you like the feature? Is there a topic you'd like to see us write about? Send us an e-mail at:
VanDyke Company News is an opt-in mailing list. If you prefer not to receive e-mail like this from us, or need to change your e-mail address, go to:
with the following message in the body of your e-mail:
VanDyke Software, AbsoluteFTP, CRT, Entunnel, SecureCRT, SecureFX, and VShell are trademarks or registered trademarks of VanDyke Software, Inc.
All other products and services mentioned are trademarks or registered
trademarks of their respective companies.