Future of kerberised telnet, login, rsh, ftp?
jrudd at ucsc.edu
Thu Jul 7 17:48:18 EDT 2005
On Jul 7, 2005, at 12:52 AM, Mans Nilsson wrote:
> Subject: Future of kerberised telnet, login, rsh, ftp? Date: Wed, Jul
> 06, 2005 at 11:20:41AM +1000 Quoting Andrew Bartlett
> (abartlet at samba.org):
>> As a relative newcomer to the kerberos world, I'm wondering what the
>> future of tools like kerberised telnet, rsh, ftp and the like is. It
>> seems from my viewpoint that OpenSSH (with the gssapi mode) and things
>> like pam_krb5 have taken over from these tools.
> I use them, support them and want them. They are vital to our IT
> infrastructure. The telnet client is IME better on really bad
> networks, which one sometimes must use.
Yeah, I depend heavily on kerberized rsh and rcp for automated tasks.
And I use kerberized rlogin quite a bit too.
AFAIK, I wouldn't be able to take a kerberos ticket on my local
machine, use it to authenticate to sshd on a remote host, forward the
ticket to the remote host, and have the remote host immediately take
that forwarded ticket and get me an AFS token. I'm not aware of any
way to do that only using ssh (at least not with a pre-canned one --
installing patches that wont apply against any and every version of
OpenSSH is not an acceptable solution).
Until ssh can do that, it wont be something I use heavily at work.
It's just what I use to get back and forth between home machines and
work machines (because I don't run kerberos at home).
More information about the krbdev