[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Future of kerberised telnet, login, rsh, ftp?




> I note that recent security advisories for both distributions were in
> these 'utility' programs (telnet, ftpd etc) rather than in the core
> kerberos code.  

There have been security issues with these and there have been issues
with OpenSSH in the past and there will be issues with both OpenSSH
and Kerberos stuff in the future. Can't we be happy about the fact
that we use ssh here and telnet there so that not _everyone_ is using
the same code with the result that _all_ of us are exposed
_at_the_same_time_?

> Do these tools still have wide use?  Is there a plan to phase them out,
> or maintain them separately to the main kerberos distribution?

I think they are included in the original heimdal-X.Y.tar.gz because
they are used.

> (This was brought up by a look we are taking on samba-technical about
> what proportion of Heimdal to import, with a strong view to avoid
> including these apps).

Including where? There are enough crippled heimdal "ports" around, I
don't need more half done heimdal ports which force me to roll my own
port och package or rpm or deb or what's-it-called in spite of the
distribution claiming to have a "heimdal". I'm tired of getting
"heimdals" that don't have working rsh or kx.

Harald.