[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Future of kerberised telnet, login, rsh, ftp?
> As a relative newcomer to the kerberos world, I'm wondering what the
> future of tools like kerberised telnet, rsh, ftp and the like is. It
> seems from my viewpoint that OpenSSH (with the gssapi mode) and things
> like pam_krb5 have taken over from these tools.
when using kerberised telnet, there's no clear text password exchange.
telnet requests a key from kerberos server and that communication is
encrypted.
as for pam_krb5, there's clear text password exchange between telnet and
server, only server<-->kerberos connection is encrypted.
so, I wouldn't consider telnet+pam_krb5 as replacement for kerberised
telnet.
>
> I note that recent security advisories for both distributions were in
> these 'utility' programs (telnet, ftpd etc) rather than in the core
> kerberos code.
>
> Do these tools still have wide use? Is there a plan to phase them out,
> or maintain them separately to the main kerberos distribution?
>
> (This was brought up by a look we are taking on samba-technical about
> what proportion of Heimdal to import, with a strong view to avoid
> including these apps).
>
> Andrew Bartlett
> --
> Andrew Bartlett http://samba.org/~abartlet/
> Samba Developer, SuSE Labs, Novell Inc. http://suse.de
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net
>
- Prev by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by Date:
Re: Future of kerberised telnet, login, rsh, ftp?
- Prev by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Next by thread:
Re: Future of kerberised telnet, login, rsh, ftp?
- Index(es):