Mon Jul 22 16:28:00 EDT 2002

> The BSD application set, particularly klogind and Kerberized rlogin, are
> very useful applications because they're extremely simple.  They don't try

Simple to the point of not working, maybe.  The "out-of-band data"
crock has never worked right, though at this point the Kerberos
version has been rev'ed to not use it.  The rsh "stderr back-channel"
also makes it unusable in many environments -- the "better security
track record" there comes from "it doesn't work at all, so we don't
care how secure it is"...

I've picked up comments from sysadmins who say "oh, we run sshd and
klogind... so that when an ssh advisory comes out, we can shut it off
and use klogin until we have a fix, and when klogin advisories come
out, we can shut that off until it gets fixed, but they usually don't
overlap."  This isn't a sign that either of them is any *good*...

