Subject: Re: US crypto export resctrictions 'unconstitutional'
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Aidan Cully <>
List: current-users
Date: 05/07/1999 21:49:28
On Fri, May 07, 1999 at 03:28:08PM -0700, Jonathan Stone wrote:
> In message <>,
> Andrew Gillham writes:
> >Perry E. Metzger writes:
> >> 
> >[...]
> >> 
> >> 2) Domestic is worthless anyway. Who wants 1DES based Kerb IV anyway?
> >> 
> >> Perry
> >
> >So why is this "broken" implementation still in the tree then?  
> Our intree krb4 works well with both AFS and MIT v4 KDCs, Since krb5
> has v4 backward compatiblity) it works with krb , our krb4 also
> interoperates with krb5.

There are a couple of issues, IIRC..  In particular, I'm pretty sure
the domestic 'passwd' program doesn't work with krb5's kadmind4..  This
is a fairly easy fix, but I'm not too worried about getting to it since
krb5 integration shouldn't take that much more work.

> >It
> >claims to be "supported", but doesn't appear to work except with a
> >couple clients.  
> We only have one real client in the tree, AFAIK: telnet.  The
> kerberised rsh/rlogin clients were removed for reasons I didnt
> understand and which sounded more religious than technical.

I was planning on enabling krb5 rsh/rlogin, and also GSSerizing our
ftp client/server.  Is this a bad idea?

> >Is anyone working on Kerberos 5 packages?
> There is work being done on `integrating' krb5, yes.
> I'll leave it for them to answer.

Yes, I'm working on integrating krb5..  This has gone slowly (even
_really_ slowly) for a number of different reasons, not least of which
is that changing NetBSD still makes me pretty nervous.  I plan to post
a proposal here when I'm ready to start integrating.

"Hey Killjoy!  How's your niece who's marrying a doctor?"
"It's time to admit that man's capacity for genocide is not aberrational,
 but is part of his nature!"
	-- Tom the Dancing Bug's Super-Fun-Pak Comix