Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)

On 28 January 2014 04:08, Russ Allbery <rra@debian.org> wrote:

(And, regardless, the telnet implementation really needs to go away.)

I don't know what problems telnet has, however I suspect you will find the Kerberos ftp to be equally as bad.

At one stage, I seem to recall there was a bug in heimdal ftpd that meant it would accept unencrypted commands despite encryption being turned on.

As far as I can tell, might have been the following commit that fixed this:

I thought there was a Debian bug report on this, but all I can see is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=271534 which looks like it was closed a year earlier.

Reply to:

Follow-Ups:
- Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Russ Allbery <rra@debian.org>

References:
- Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Sam Hartman <hartmans@debian.org>
- Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Joshuah Hurst <joshhurst@gmail.com>
- Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Philipp Kern <pkern@debian.org>
- Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Simon Toedt <simon.toedt@gmail.com>
- Re: Proposal: remove krb5-appl (rlogin, rsh, telnet, ftp with krb5 support)
  - From: Russ Allbery <rra@debian.org>