Vendor comments on plan to remove telnet, ftp and eventually appl/bsd

Sam Hartman hartmans at MIT.EDU
Tue Jul 23 09:30:00 EDT 2002

>>>>> "Wyllys" == Wyllys Ingersoll <wyllys.ingersoll at> writes:

    Wyllys> Distributing the core libraries and utilities without any
    Wyllys> actual client/server applications that actually use the
    Wyllys> protocol will make it a significantly less useful package.
    Wyllys> One big reason people choose Kerberos is to secure their
    Wyllys> authentication across a network and additionally to have
    Wyllys> some encryption support for previously unencrypted
    Wyllys> protocols (telnet, r*).  If you remove these apps from the
    Wyllys> distribution, the incentive to select Kerberos and go to
    Wyllys> the trouble of downloading, building, and installing it
    Wyllys> will be much less if there is not a set of applications
    Wyllys> that will make the network user's daily traffic more
    Wyllys> secure.

Our assumption is that making Kerberos useful is already beyond the
ability of individual users; for a full Kerberos setup you want
Kerberos, SASL (potentially of multiple varieties), Ssh, the Kerberos
Ssh patches, you'll soon want OpenSSL built against Kerberos, etc.
Yes, individuals can build this, but more and more they are going to
want packages from vendors that have all the components prebuilt.
Especially as Kerberos gets more complex (pkinit) and gains more
external dependencies, this will be more true.

So we assume that we are targeting sites and vendors much more than
individuals.  We suspect individuals ought to be getting Kerberized
utilities from services like, their core OS, or
someone who packages Kerberos for their OS.

I'm very interested in your comments on how realistic you think these
assumptions/direction are.

More information about the krbdev mailing list