Vendor comments on plan to remove telnet, ftp and eventually appl/bsd
hartmans at MIT.EDU
Tue Jul 23 09:30:00 EDT 2002
>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at sun.com> writes:
Wyllys> Distributing the core libraries and utilities without any
Wyllys> actual client/server applications that actually use the
Wyllys> protocol will make it a significantly less useful package.
Wyllys> One big reason people choose Kerberos is to secure their
Wyllys> authentication across a network and additionally to have
Wyllys> some encryption support for previously unencrypted
Wyllys> protocols (telnet, r*). If you remove these apps from the
Wyllys> distribution, the incentive to select Kerberos and go to
Wyllys> the trouble of downloading, building, and installing it
Wyllys> will be much less if there is not a set of applications
Wyllys> that will make the network user's daily traffic more
Our assumption is that making Kerberos useful is already beyond the
ability of individual users; for a full Kerberos setup you want
Kerberos, SASL (potentially of multiple varieties), Ssh, the Kerberos
Ssh patches, you'll soon want OpenSSL built against Kerberos, etc.
Yes, individuals can build this, but more and more they are going to
want packages from vendors that have all the components prebuilt.
Especially as Kerberos gets more complex (pkinit) and gains more
external dependencies, this will be more true.
So we assume that we are targeting sites and vendors much more than
individuals. We suspect individuals ought to be getting Kerberized
utilities from services like sunfreeware.com, their core OS, or
someone who packages Kerberos for their OS.
I'm very interested in your comments on how realistic you think these
More information about the krbdev