Vendor comments on plan to remove telnet, ftp and eventually appl/bsd
rra at stanford.edu
Mon Jul 22 13:02:00 EDT 2002
Sam Hartman <hartmans at mit.edu> writes:
> OK. I don't know whether we plan on meeting this requirement; I rather
> suspect not. We'll try to keep command line compatibility for ftp and
> telnet, but our assumption is that no one actually wants to maintain a
> Kerberos bsd application set for us to recommend and that we'll be
> dropping that technology as soon as there is a viable alternative.
The BSD application set, particularly klogind and Kerberized rlogin, are
very useful applications because they're extremely simple. They don't try
to do very much, and as such they have a *significantly* better security
track record than ssh does.
I'm really hesitant to replace those programs with some other set of
applications that try to do more, because that will inevitably mean that
there will be more security vulnerabilities.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev