Code review request

Russ Allbery rra at
Tue Aug 8 20:47:06 EDT 2006

Philip Prindeville <philipp at> writes:

> Actually, I run an FTP repository with anonymous access...  it's behind
> a firewall that doesn't provide enough stateful inspection to handle
> brute-force password attacks, however.

If you're just running an anonymous FTP server, you really don't want to
be using the ftpd that comes with Kerberos.  You really want to install an
FTP daemon that's specifically designed for anonymous FTP service.  I have
had good luck with vsftpd.  Other people use proftpd or one of the many
others out there.  The MIT Kerberos ftpd will work, but it's really not
optimized or designed for high-volumen anonymous FTP service.

If you're purely doing anonymous FTP, you can disable authentication
entirely when using an ftpd designed for that.

Russ Allbery (rra at             <>

More information about the krbdev mailing list