Vendor comments on plan to remove telnet, ftp and eventuallyappl/bsd Nicolas.Williams at
Tue Jul 23 10:16:00 EDT 2002

> Our assumption is that making Kerberos useful is already beyond the
> ability of individual users; for a full Kerberos setup you want
> Kerberos, SASL (potentially of multiple varieties), Ssh, the Kerberos
> Ssh patches, you'll soon want OpenSSL built against Kerberos, etc.
> Yes, individuals can build this, but more and more they are going to
> want packages from vendors that have all the components prebuilt.
> Especially as Kerberos gets more complex (pkinit) and gains more
> external dependencies, this will be more true.

You are saying that you're going to place limits on what MIT will
implement in the Kerberos realm - specifically you want to stay out
of the application area. That's fine if others can pick up the slack.

Reading the other responses, I think that, indeed, the r-commands are
worth keeping - you're right, it will be better to have MIT support
those than for the rest of us to support them locally.

> So we assume that we are targeting sites and vendors much more than
> individuals.  We suspect individuals ought to be getting Kerberized
> utilities from services like, their core OS, or
> someone who packages Kerberos for their OS.

I will admit here that the lack of vendor support, timely support too,
has been, well, vexing. Looking around the Kerberos community I see
that many support local modifications to MIT krb5 and related software.

Better vendor support would be ideal. But, frankly, it seems that
precious few vendors actually get the importance and utility of

And yes, some of us will soon want OpenSSL with Kerberos TLS support,
and PKINIT, and other such things, including web browser and server
support for the Brezak GSS/HTTP draft and/or SSL/TLS/Kerberos. Some of
this is happening already.



Visit our website at

This message contains confidential information and is intended only 
for the individual named.  If you are not the named addressee you 
should not disseminate, distribute or copy this e-mail.  Please 
notify the sender immediately by e-mail if you have received this 
e-mail by mistake and delete this e-mail from your system.

E-mail transmission cannot be guaranteed to be secure or error-free 
as information could be intercepted, corrupted, lost, destroyed, 
arrive late or incomplete, or contain viruses.  The sender therefore 
does not accept liability for any errors or omissions in the contents 
of this message which arise as a result of e-mail transmission.  If 
verification is required please request a hard-copy version.  This 
message is provided for informational purposes and should not be 
construed as a solicitation or offer to buy or sell any securities or 
related financial instruments.

More information about the krbdev mailing list