Future of kerberised telnet, login, rsh, ftp?

Andrew Bartlett abartlet at samba.org
Tue Jul 5 23:44:39 EDT 2005

On Wed, 2005-07-06 at 09:31 +0600, Ilia Chipitsine wrote:
> > As a relative newcomer to the kerberos world, I'm wondering what the
> > future of tools like kerberised telnet, rsh, ftp and the like is.  It
> > seems from my viewpoint that OpenSSH (with the gssapi mode) and things
> > like pam_krb5 have taken over from these tools.
> when using kerberised telnet, there's no clear text password exchange.
> telnet requests a key from kerberos server and that communication is 
> encrypted.
> as for pam_krb5, there's clear text password exchange between telnet and 
> server, only server<-->kerberos connection is encrypted.
> so, I wouldn't consider telnet+pam_krb5 as replacement for kerberised 
> telnet.

Indeed, I was referring to kerberised 'login' as being superseded by PAM
and pam_krb5, in particular on Linux systems.

Andrew Bartlett

Andrew Bartlett                                http://samba.org/~abartlet/
Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
Authentication Developer, Samba Team           http://samba.org
Student Network Administrator, Hawker College  http://hawkerc.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20050706/d6ddb13b/attachment.bin

More information about the krbdev mailing list