Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Sam Hartman hartmans at MIT.EDU
Mon Jul 22 08:56:00 EDT 2002

>>>>> "Anthony" == Anthony Brock <abrock at> writes:

    Anthony> Would it be possible to "integrate" these with the source
    Anthony> code distribution? Specifically, at each release of the
    Anthony> source code, could the "recommended replacement" be
    Anthony> shipped (as an additional tar.gz?)  inside the krb5
    Anthony> source code distribution? 

A significant reason for doing this is to get out of the business of
supporting these applications and to make that be someone else's
problem.  We'd certainly include a pointer to the software we're
recommending but including it in our source release involves a lot of
tracking on our part and creates complexities when there are telnet or
ftp security problems.  

We are assuming that most of our customers are OS vendors,
universities or companies that are adopting Kerberos as part of a
complete security solution including other products like SASL, Ssh,
soon krb5-TLS, etc.  We also have another set of customers who just
want the raw Kerberos libraries for some special purpose application.

We believe that the first set of customers already have mechanisms in
place for distributing software besides Kerberos and adding a
telnet/ftp distribution to the set of software they are distributing
would not be unreasonable effort.  We believe that having a telnet and
ftp that is actually maintained with bugs fixed promptly would benefit
these customers more than having this integrated in Kerberos.  We also
suspect people will benefit from us being able to focus our time on
the core Kerberos libraries.

We suspect that the second group of customers does not care about ftp or telnet at all.

In part we're sending this query to understand to what extent our
understanding of our customer base is correct and to see if there are
any other significant customer groups.


More information about the krbdev mailing list