Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Matt Crawford crawdad at
Tue Jul 23 04:54:01 EDT 2002

> The BSD application set, particularly klogind and Kerberized rlogin, are
> very useful applications because they're extremely simple.  They don't try
> to do very much, and as such they have a *significantly* better security
> track record than ssh does.

Damn straight.  A week after I'd turned in the security plan for the
KDC's, with the words

    For remote access the Kerberos
    remote login and remote shell services are allowed, with mandatory
    stream encryption.  (The telnet and ftp protocols are more complex
    and hence not as tractable to security analysis.)

in it, along came the next tenetd vulnerability.  And of course
everything you can say against telnetd and ftpd goes triple for sshd.

No matter what MIT distributes, I need to keep the access apps, and
the r-commands in particular.

More information about the krbdev mailing list