krb5-appl/1087: ftp clients can't connect to ftpd over a NAT

Jeffrey Altman jaltman at
Wed Apr 17 14:19:01 EDT 2002

> >>>>> "Donn" == Donn Cave <donn at> writes:
>     Donn> A conservative policy for minor releases is a good thing in
>     Donn> general - I really hate it when every release, no matter how
>     Donn> minor, includes some gratuitous feature change!  But in
>     Donn> support of this request - how many sites out there aren't
>     Donn> going to need this patch?  Is there any site left in the
>     Donn> world that isn't stuck with at least some NAT users?  It's
>     Donn> broke, isn't it, and probably for the majority of sites?
> It's not even a bug fix.  I don't think you can realistically say that
> Kerberos has ever supported NAT for ftp even a little bit.  We'll add
> such support in the next major release.
> Hopefully, soon, people will start using GSSAPI sftp and scp instead
> of ftp.

How can you say that?  Ok, don't answer that question.

SFTP and SCP are inherently broken when it comes to supporting
cross-platform environments.  They are fine in a Unix to Unix world.
Barely work in a Unix to Windows world.  And falls flat on its face
when dealing with VMS, OS/400, VM systems, and many PDA operating

FTP is going to be with us for quite some time if only because SFTP
and SCP do not have well defined platform independent network
representations for anything other than pure binary 8-bit data

 Jeffrey Altman * Sr.Software Designer      Kermit 95 1.1.21  available now!!!
 The Kermit Project @ Columbia University   SSH plus Telnet, FTP and HTTP             secured with Kerberos, SRP, and 
 kermit-support at                OpenSSL.

More information about the krbdev mailing list