[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)

On Thu, Jan 23, 2014 at 5:25 PM, Sam Hartman <hartmans@debian.org> wrote:
> hi.
> A few months ago, Russ Allberry stepped down from co-maintaining
> krb5-appl.
> I'm reasonably happy to keep maintaining it, although when we thought
> about it, we cannot think of anyone using the package.
> It provides krb5 versions of rlogin, rsh, ftp and telnet.
> The telnet is insecure and should not be used; even with encryption
> turned on, it's only DES and has other design defects.
> The other utilities kind of work, but ssh (with Kerberos authentication
> if desired) is a much better solution.

Only in cases when Kerberos5 is not available.
One major advantage over ssh is that krb5-rsh has much lower latency
and overhead (in terms of used cpu time) when executing a plain
/bin/true on a remote host, doing that in a loop over 1000 logins can
take hours with ssh but takes minutes with krb-rsh. ssh is a *major*
pain in the arse if you have a distributed cluster which depends on
rsh/ssh - with ssh the cpu time overhead is so great that it often
doesn't even make sense to call the remote host to offload a job.
krb-rsh is much more lightweight, e.g. consumes much less cpu time.


Reply to: