Future of kerberised telnet, login, rsh, ftp?
Douglas E. Engert
deengert at anl.gov
Wed Jul 6 14:03:23 EDT 2005
Donn Cave wrote:
> On Jul 5, 2005, at 7:07 PM, Russ Allbery wrote:
> [... re ssh supplanting telnet/ftp ...]
>> I would hope that it could eventually, but OpenSSH's GSSAPI support is
>> currently not sufficient to allow it to do so. For so long as one needs
>> third-party patches to OpenSSH for adequate Kerberos support, I don't
>> think that we're ready to live in that world.
I believe with version OpenSSH-4.1p1 there are no third party patches needed.
(Unless there is no PAM support.) We have been able to use the
pam session routines to get AFS tokens from delegated gssapi credentials
as well as from pam authentication.
So what patches do people still believe are needed?
> And that's just one ssh implementation. Has anyone
> heard rumors of movement towards the "adequate"
> brand of GSSAPI support in ssh.com's implementation?
Don't know about ssh.com, But SecureCRT and PuTTY (with patches)
works well with OpenSSH and Kerberos.
> I can't really defend the choice to use ssh.com, but in
> practice it's significant enough to make it even less
> realistic to call SSH2 a Kerberos option.
> Donn Cave, donn at u.washington.edu
> krbdev mailing list krbdev at mit.edu
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev