telnet & ftp official status
Jeffrey Hutzelman
jhutz at cmu.edu
Sat Oct 4 12:16:10 EDT 2008
--On Saturday, October 04, 2008 02:22:54 PM +0100 Simon Wilkinson
<simon at sxw.org.uk> wrote:
>
> On 4 Oct 2008, at 01:40, Ken Hornstein wrote:
>> Perhaps it is better in
>> other SSH implementations, but I have no experience with them.
>
> This is an implementation, rather than a protocol, deficiency.

Funny; that's what I was going to say. This _wasn't_ in the protocol
initially, but was added as a result of a specific request to be able to do
this. Unfortunately, IMHO we weren't strong enough about it; we said the
server MAY send this information instead of specifying that it SHOULD.

Sadly, I don't think it would help much. What the protocol actually
carries is a GSS major and minor status and a text message. A server
implementation which does not have intimate details about the underlying
GSS-API mechanism implementation can't do much better than to call
GSS_Display_status, which returns exactly those values. Unfortunately, it
is all too common for the returned error to be KRB5KRB_ERR_GENERIC, with
the real error being buried in a Kerberos protocol field that never gets
extracted.
-- Jeff
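
Added example, not part of the original message or of any SSH implementation: a Python parser for the error message the post describes, assuming the SSH_MSG_USERAUTH_GSSAPI_ERROR layout from RFC 4462 (major status, minor status, message, language tag) and the major-status bit layout from RFC 2744. The sample packet is constructed; its minor status is the number MIT krb5 assigns to KRB5KRB_ERR_GENERIC, so the output shows how little a client learns in the case the post describes.

```python
import struct

SSH_MSG_USERAUTH_GSSAPI_ERROR = 64  # message number from RFC 4462

# Routine errors (bits 16-23 of the major status), indexed by code, RFC 2744.
ROUTINE_ERRORS = ["none"] + ["GSS_S_" + n for n in (
    "BAD_MECH BAD_NAME BAD_NAMETYPE BAD_BINDINGS BAD_STATUS BAD_SIG NO_CRED "
    "NO_CONTEXT DEFECTIVE_TOKEN DEFECTIVE_CREDENTIAL CREDENTIALS_EXPIRED "
    "CONTEXT_EXPIRED FAILURE BAD_QOP UNAUTHORIZED UNAVAILABLE "
    "DUPLICATE_ELEMENT NAME_NOT_MN").split()]

def _read_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (bytes, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("truncated string field")
    return buf[off + 4:end], end

def parse_gssapi_error(payload):
    """Decode an SSH_MSG_USERAUTH_GSSAPI_ERROR payload into its fields."""
    if len(payload) < 9 or payload[0] != SSH_MSG_USERAUTH_GSSAPI_ERROR:
        raise ValueError("not a GSSAPI error message")
    major, minor = struct.unpack_from(">II", payload, 1)
    message, off = _read_string(payload, 9)
    language, _ = _read_string(payload, off)
    code = (major >> 16) & 0xFF
    return {
        "calling_error": (major >> 24) & 0xFF,
        "routine_error": ROUTINE_ERRORS[code] if code < len(ROUTINE_ERRORS)
                         else "unknown(%d)" % code,
        "supplementary": major & 0xFFFF,
        "minor": minor,  # mechanism-specific; opaque without the mechanism
        "message": message.decode("utf-8", "replace"),
        "language": language.decode("ascii", "replace"),
    }

def build_sample():
    """Constructed packet: GSS_S_FAILURE with KRB5KRB_ERR_GENERIC as minor."""
    major = 13 << 16                    # GSS_S_FAILURE
    minor = -1765328324 & 0xFFFFFFFF    # KRB5KRB_ERR_GENERIC in MIT krb5
    text = b"Generic error (constructed sample text)"
    return (bytes([SSH_MSG_USERAUTH_GSSAPI_ERROR]) + struct.pack(">II", major, minor)
            + struct.pack(">I", len(text)) + text + struct.pack(">I", 2) + b"en")

if __name__ == "__main__":
    print(parse_gssapi_error(build_sample()))
```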