Future of kerberised telnet, login, rsh, ftp?

Douglas E. Engert deengert at anl.gov
Wed Jul 6 14:03:23 EDT 2005

Donn Cave wrote:

> On Jul 5, 2005, at 7:07 PM, Russ Allbery wrote:
> [... re ssh supplanting telnet/ftp ...]
>> I would hope that it could eventually, but OpenSSH's GSSAPI support is
>> currently not sufficient to allow it to do so.  For so long as one  needs
>> third-party patches to OpenSSH for adequate Kerberos support, I don't
>> think that we're ready to live in that world.

I believe with version OpenSSH-4.1p1 there are no third party patches needed.
(Unless there is no PAM support.) We have been able to use the
pam session routines to get AFS tokens from delegated gssapi credentials
as well as from pam authentication.

So what patches do people still believe are needed?

> And that's just one ssh implementation.  Has anyone
> heard rumors of movement towards the "adequate"
> brand of GSSAPI support in ssh.com's implementation?

Don't know about ssh.com, But SecureCRT and PuTTY (with patches)
works well with OpenSSH and Kerberos.

> I can't really defend the choice to use ssh.com, but in
> practice it's significant enough to make it even less
> realistic to call SSH2 a Kerberos option.
>     Donn Cave, donn at u.washington.edu
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev


  Douglas E. Engert  <DEEngert at anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list