[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)

Simon Toedt <simon.toedt@gmail.com> writes:

> If courses there is another issue: What still left as "use case" of
> Kerberos5 if krb-rsh and krb-rlogin are no longer available? Typical
> university setup is krb-NFSv3/krb-NFSv4 plus krb-rlogin internally and
> ssh only for external access.

I am quite dubious of this statement.  My peers at other universities have
all or nearly all switched to ssh.

> What do you wish to sell them as krb-rsh/rlogin replacement? ssh?
> Seriously?

Yes, we stopped using those programs years ago in favor of ssh without a
single issue and with quite a bit of happiness on the part of our users,
since now Mac OS X works out of the box with Kerberos logins and Windows
is much easier to get working.

I think most people who looked in detail at the network protocol
implementation of rsh and rlogin would stop using them as well.  Both
are... to put it kindly, exceptionally weird.  rsh in particularly is
nearly impossible to firewall properly.

Anyway, krb5-appl has no upstream developers other than some courtesy
support by the MIT Kerberos developers because they feel some
responsibility for the legacy applications.  I think those who really want
to keep those programs should also be thinking about joining in upstream
development.  (And, regardless, the telnet implementation really needs to
go away.)

Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to: