Code review request

Ken Hornstein kenh at
Tue Aug 8 13:06:40 EDT 2006

>So, here's the basic problem:  The appl tree in MIT Kerberos hasn't
>received much attention for a while.  I've volunteered to try to maintain
>it as much as I can find time (which so far hasn't been much, and there
>are other things like OpenAFS that get a higher priority) because we use
>Kerberos rlogin and rsh extensively at Stanford and they still have some
>substantial benefits for us over ssh.  However, telnet and ftpd are a
>different story.  Both are far more complex than rsh and rlogin and my
>feeling is that they're less-used; we certainly don't use ftp/ftpd at all
>and don't use telnet/telnetd except for backward compatibility to an app
>that we're getting rid of within the next year or two.

Hey!  We still make HEAVY use of telnet and ftp.  So at least someone
cares about them.  And while telnet is a mess, protocol-wise, the FTP
protocol is relatively straightforward; it's no worse than any of the
SASL-ified protocols, for example.

>I'm actually a bit curious as to why you'd want to add greylisting to ftpd
>in particular.  Do you have a lot of GSS-API ftp clients?  That's a
>protocol that I'm honestly a bit surprised anyone has deployed to any
>great extent; from my vantage point, FTP seems to be dying fast in general
>and authenticated FTP losing quickly to SFTP (which, in recent versions of
>OpenSSH, also supports GSS-API).

Actually ... FileZilla supports it on Windows, and Fetch supports it on
the Mac.  Aside from the traditional command-line ftp clients, of course.
I still see ftp going really strong here; one major sucky thing about
SFTP is that it is very difficult to get it to not encrypt your data.
Maybe this is fine for the regular user, but when you want to move around
a few terabytes that you don't care about it being encrypted, being able
to turn off encryption is helpful.


More information about the krbdev mailing list