Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Matt Crawford crawdad at fnal.gov
Tue Jul 23 04:54:01 EDT 2002


> The BSD application set, particularly klogind and Kerberized rlogin, are
> very useful applications because they're extremely simple.  They don't try
> to do very much, and as such they have a *significantly* better security
> track record than ssh does.

Damn straight.  A week after I'd turned in the security plan for the
KDCs, with the words

    For remote access the Kerberos
    remote login and remote shell services are allowed, with mandatory
    stream encryption.  (The telnet and ftp protocols are more complex
    and hence not as tractable to security analysis.)

in it, along came the next telnetd vulnerability.  And of course
everything you can say against telnetd and ftpd goes triple for sshd.

No matter what MIT distributes, I need to keep the access apps, and
the r-commands in particular.
