Future of kerberised telnet, login, rsh, ftp?

Ilia Chipitsine ilia at paramon.ru
Tue Jul 5 23:31:09 EDT 2005

> As a relative newcomer to the kerberos world, I'm wondering what the
> future of tools like kerberised telnet, rsh, ftp and the like is.  It
> seems from my viewpoint that OpenSSH (with the gssapi mode) and things
> like pam_krb5 have taken over from these tools.

when using kerberised telnet, there's no clear text password exchange.
telnet requests a key from kerberos server and that communication is 

as for pam_krb5, there's clear text password exchange between telnet and 
server, only server<-->kerberos connection is encrypted.

so, I wouldn't consider telnet+pam_krb5 as replacement for kerberised 

> I note that recent security advisories for both distributions were in
> these 'utility' programs (telnet, ftpd etc) rather than in the core
> kerberos code.
> Do these tools still have wide use?  Is there a plan to phase them out,
> or maintain them separately to the main kerberos distribution?
> (This was brought up by a look we are taking on samba-technical about
> what proportion of Heimdal to import, with a strong view to avoid
> including these apps).
> Andrew Bartlett
> -- 
> Andrew Bartlett                                http://samba.org/~abartlet/
> Samba Developer, SuSE Labs, Novell Inc.        http://suse.de
> Authentication Developer, Samba Team           http://samba.org
> Student Network Administrator, Hawker College  http://hawkerc.net

More information about the krbdev mailing list