Code review request
rra at stanford.edu
Tue Aug 8 11:59:57 EDT 2006
Philip Prindeville <philipp at redfish-solutions.com> writes:
> And inline... of course, the tabs are converted to blanks...
> --- src/appl/gssftp/ftpd/ftpd.c.graylist 2006-06-07 20:13:07.000000000 -0600
> +++ src/appl/gssftp/ftpd/ftpd.c 2006-06-07 20:13:08.000000000 -0600
Ah, yes. I remember this originally.
So, here's the basic problem: The appl tree in MIT Kerberos hasn't
received much attention for a while. I've volunteered to try to maintain
it as much as I can find time (which so far hasn't been much, and there
are other things like OpenAFS that get a higher priority) because we use
Kerberos rlogin and rsh extensively at Stanford and they still have some
substantial benefits for us over ssh. However, telnet and ftpd are a
different story. Both are far more complex than rsh and rlogin and my
feeling is that they're less-used; we certainly don't use ftp/ftpd at all
and don't use telnet/telnetd except for backward compatibility to an app
that we're getting rid of within the next year or two.
What that means is that, beyond security fixes and bug fixes, I'm not sure
anyone really cares about the ftp or telnet parts of the app tree.
My understanding is that the SRP versions of telnet and ftp available
are supported and more actively developed (there was a new release as
recently as last December) and also support GSS-API authentication. To be
honest, you may be better off getting in contact with them and seeing if
they'll incorporate your patch because they probably have more cycles to
maintain the code.
I'm actually a bit curious as to why you'd want to add greylisting to ftpd
in particular. Do you have a lot of GSS-API ftp clients? That's a
protocol that I'm honestly a bit surprised anyone has deployed to any
great extent; from my vantage point, FTP seems to be dying fast in general
and authenticated FTP losing quickly to SFTP (which, in recent versions of
OpenSSH, also supports GSS-API).
All this doesn't mean that no one is ever going to look at your patch. I
may get guilty enough to look it over at some point, for instance. I just
want to be sure that you have a realistic idea of development priorities
and realize that you're contributing to a part of the MIT tree that, if
not dead, is at least moribund.
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev