Subject: Re: rfc2228 in ftpd
To: None <,>
From: Geoff Adams <>
List: tech-userlevel
Date: 06/25/2002 03:13:56
On Sunday, June 23, 2002, at 11:07 PM, Perry E. Metzger wrote:

> Ken Hornstein <> writes:
>> FWIW, RFC 2228 is fairly well-known in the Kerberos community; I use a
>> RFC 2228 ftp client every day.  I'm not sure how widely it is used 
>> outside
>> of the Kerberos community, though (the implementations that I'm aware
>> of that do GSSAPI are only really set up to do Kerberos/GSSAPI ... but
>> there might be some DCE implementations out there that I'm not aware 
>> of).
> I was very unaware of that -- maybe it is a point in favor of rolling
> in the implementation.

Just to add another voice to the choir, I too use RFC 2228 on a daily 
basis. In fact, last year, I mashed the MIT, Heimdal, and NetBSD ftp 
servers together to create a server that could authenticate users via 
Kerberos/GSSAPI or S/Key, in order to make things seamless for my users 
and me. Because of the difficulty involved in doing that, I haven't 
incorporated the new features that have gone into the NetBSD ftpd since 
then. (I guess this could count as another implementation, although it's 
a derivative work, and I never distributed it, so it's not in wide 
use. :)

RFC 2228 (as used with Kerberos) solves a number of problems in a very 
convenient and scalable way, and certainly has value and use. I'd also 
argue that it's not "new."

I'd be very pleased to have the NetBSD ftpd do GSSAPI out of the box. 
I've downloaded the patch, and I'll be examining it shortly.

- Geoff