telnet & ftp official status
Ken Hornstein
kenh at cmf.nrl.navy.mil
Fri Oct 3 20:40:19 EDT 2008
>FTP may perform better than many SFTP/SSHv2 implementations; I'm not
>sure. Other than that I can't think what advantages the MIT krb5 apps
>offer over SSHv2. I don't think such an advantage should be considered
>significant -- let the SSHv2 implementors improve their implementations'
>performance if that's needed.
The two big advantages that come to mind for me are:
- The code and protocols are simpler (Well, okay, telnet is the exception
here). That makes modification and maintenance easier.
- They actually _return all the damn Kerberos errors_. In OpenSSH
... well, you can run it in some super-debugging mode and get
client-side errors, if you want to spent your time sorting through
piles of crap. Server-side errors are not returned to the client
in most cases (rumor is that they are logged on the server
somewhere, but inevitably that's on some machine that I am not
an administrator on). The Kerberos integration in OpenSSH
just plain bites on a practical level. Perhaps it is better in
other SSH implementations, but I have no experience with them.
(Getting back to FTP ... it is out-of-the-box faster, assuming encryption
is not on of course, and it is easy to make it perform very fast).
Just FYI, I have no problem with the apps being split off to another
tree, or run by someone else (*cough* Russ *cough*).
--Ken
More information about the krbdev
mailing list