Future of kerberised telnet, login, rsh, ftp?
ilia at paramon.ru
Tue Jul 5 23:31:09 EDT 2005
> As a relative newcomer to the kerberos world, I'm wondering what the
> future of tools like kerberised telnet, rsh, ftp and the like is. It
> seems from my viewpoint that OpenSSH (with the gssapi mode) and things
> like pam_krb5 have taken over from these tools.

When using kerberised telnet, there's no clear text password exchange.
telnet requests a key from the Kerberos server and that communication is

As for pam_krb5, there's clear text password exchange between telnet and
server; only the server<-->kerberos connection is encrypted.

So, I wouldn't consider telnet+pam_krb5 as a replacement for kerberised

> I note that recent security advisories for both distributions were in
> these 'utility' programs (telnet, ftpd etc) rather than in the core
> kerberos code.
> Do these tools still have wide use? Is there a plan to phase them out,
> or maintain them separately to the main kerberos distribution?
> (This was brought up by a look we are taking on samba-technical about
> what proportion of Heimdal to import, with a strong view to avoid
> including these apps).
> Andrew Bartlett
> Andrew Bartlett http://samba.org/~abartlet/
> Samba Developer, SuSE Labs, Novell Inc. http://suse.de
> Authentication Developer, Samba Team http://samba.org
> Student Network Administrator, Hawker College http://hawkerc.net