krb5-appl/1087: ftp clients can't connect to ftpd over a NAT
Jeffrey Altman
jaltman at columbia.edu
Wed Apr 17 14:19:01 EDT 2002
> >>>>> "Donn" == Donn Cave <donn at u.washington.edu> writes:
>
> Donn> A conservative policy for minor releases is a good thing in
> Donn> general - I really hate it when every release, no matter how
> Donn> minor, includes some gratuitous feature change! But in
> Donn> support of this request - how many sites out there aren't
> Donn> going to need this patch? Is there any site left in the
> Donn> world that isn't stuck with at least some NAT users? It's
> Donn> broke, isn't it, and probably for the majority of sites?
>
> It's not even a bug fix. I don't think you can realistically say that
> Kerberos has ever supported NAT for ftp even a little bit. We'll add
> such support in the next major release.
>
> Hopefully, soon, people will start using GSSAPI sftp and scp instead
> of ftp.
How can you say that? Ok, don't answer that question.
SFTP and SCP are inherently broken when it comes to supporting
cross-platform environments. They are fine in a Unix to Unix world.
Barely work in a Unix to Windows world. And falls flat on its face
when dealing with VMS, OS/400, VM systems, and many PDA operating
systems.
FTP is going to be with us for quite some time if only because SFTP
and SCP do not have well defined platform independent network
representations for anything other than pure binary 8-bit data
streams.
Jeffrey Altman * Sr.Software Designer Kermit 95 1.1.21 available now!!!
The Kermit Project @ Columbia University SSH plus Telnet, FTP and HTTP
http://www.kermit-project.org/ secured with Kerberos, SRP, and
kermit-support at columbia.edu OpenSSL.
More information about the krbdev
mailing list