Future of kerberised telnet, login, rsh, ftp?
rra at stanford.edu
Wed Jul 6 15:07:41 EDT 2005
Douglas E Engert <deengert at anl.gov> writes:
> OK, key exchange is needed, and is a general problem. Well where does
> this stand with regards to getting the OpenSSH people to add this? I
> know they know you have the mods, and that others would like to see it
> added. What type of community persuasion would it take to get them to
> add it?
> What I was also asking was if there where other local mods that sites
> also thought they needed.
If OpenSSH had key exchange in the standard source tree, I'd be happy with
it as an SSH server (and client) and could just use PAM for all the
non-GSSAPI stuff for clients that don't understand GSSAPI yet.
Ken's problem with error reporting still remains, however, as to my
concerns over protocol simplicity and security. I'm not sure if those
remaining issues would keep many people using Kerberos rlogin/rsh/telnet
(I question telnet the most because it *doesn't* have protocol simplicity
or a strong security track record going for it), though.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev