telnet & ftp official status

Jeffrey Hutzelman jhutz at
Sat Oct 4 12:16:10 EDT 2008

--On Saturday, October 04, 2008 02:22:54 PM +0100 Simon Wilkinson 
<simon at> wrote:

> On 4 Oct 2008, at 01:40, Ken Hornstein wrote:
>>  Perhaps it is better in
>>   other SSH implementations, but I have no experience with them.
> This is an implementation, rather than a protocol, deficiency.

Funny; that's what I was going to say.  This _wasn't_ in the protocol 
initially, but was added as a result of a specific request to be able to do 
this.  Unfortunately, IMHO we weren't strong enough about it; we said the 
server MAY send this information instead of specifying that it SHOULD.

Sadly, I don't think it would help much.  What the protocol actually 
carries is a GSS major and minor status and a text message.  A server 
implementation which does not have intimate details about the underlying 
GSS-API mechanism implementation can't do much better than to call 
GSS_Display_status, which returns exactly those values.  Unfortunately, it 
is all too common for the returned error to be KRB5KRB_ERR_GENERIC, with 
the real error being buried in a Kerberos protocol field that never gets 

-- Jeff

More information about the krbdev mailing list