Subject: Re: rfc2228 in ftpd
To: None <firstname.lastname@example.org, email@example.com>
From: Geoff Adams <firstname.lastname@example.org>
Date: 06/25/2002 03:13:56
On Sunday, June 23, 2002, at 11:07 PM, Perry E. Metzger wrote:
> Ken Hornstein <email@example.com> writes:
>> FWIW, RFC 2228 is fairly well-known in the Kerberos community; I use a
>> RFC 2228 ftp client every day. I'm not sure how widely it is used
>> of the Kerberos community, though (the implementations that I'm aware
>> of that do GSSAPI are only really set up to do Kerberos/GSSAPI ... but
>> there might be some DCE implementations out there that I'm not aware
> I was very unaware of that -- maybe it is a point in favor of rolling
> in the implementation.
Just to add another voice to the choir, I too use RFC 2228 on a daily
basis. In fact, last year, I mashed the MIT, Heimdal, and NetBSD ftp
servers together to create a server that could authenticate users via
Kerberos/GSSAPI or S/Key, in order to make things seamless for my users
and me. Because of the difficulty involved in doing that, I haven't
incorporated the new features that have gone into the NetBSD ftpd since
then. (I guess this could count as another implementation, although it's
a derivative work, and I never distributed it, so it's not in wide
RFC 2228 (as used with Kerberos) solves a number of problems in a very
convenient and scalable way, and certainly has value and use. I'd also
argue that it's not "new."
I'd be very pleased to have the NetBSD ftpd do GSSAPI out of the box.
I've downloaded the patch, and I'll be examining it shortly.