Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Sam Hartman hartmans at MIT.EDU
Mon Jul 22 13:11:01 EDT 2002

>>>>> "Russ" == Russ Allbery <rra at> writes:

    Russ> Sam Hartman <hartmans at> writes:
    >> OK.  I don't know whether we plan on meeting this requirement;
    >> I rather suspect not.  We'll try to keep command line
    >> compatibility for ftp and telnet, but our assumption is that no
    >> one actually wants to maintain a Kerberos bsd application set
    >> for us to recommend and that we'll be dropping that technology
    >> as soon as there is a viable alternative.

    Russ> The BSD application set, particularly klogind and Kerberized
    Russ> rlogin, are very useful applications because they're
    Russ> extremely simple.  They don't try to do very much, and as
    Russ> such they have a *significantly* better security track
    Russ> record than ssh does.

I tend to agree that they are simpler.  I'm not sure how much of their
security track record has to do with the simplicity and how much has
to do with a lack of critical examination.

    Russ> I'm really hesitant to replace those programs with some
    Russ> other set of applications that try to do more, because that
    Russ> will inevitably mean that there will be more security
    Russ> vulnerabilities.

Noted.  To clarify we don't expect any changes in this regard for the
next release; we're starting the discussion now so we can figure out
if there are other products we should be looking at, or if we need to
examine any of our assumptions.

More information about the krbdev mailing list