Subject: Re: PermitRootLogin in SSHd (WAS: Re: Telnet logins)
To: Andrew Gillham <gillham@vaultron.com>
From: David Maxwell <david@vex.net>
List: port-i386
Date: 08/27/2001 21:14:13

On Mon, Aug 27, 2001 at 04:28:22PM -0700, Andrew Gillham wrote:
> On Mon, Aug 27, 2001 at 05:40:54PM -0400, David Maxwell wrote:
> > 
> > Not quite the same thing - as using telnet to login as root is only
> > slightly better than writing your root password on the nearest bathroom
> > door. ("For a good time, login...")
> 
> Even with the '-x' option?  I thought Kerberos was supposed to be secure?

The default config of the daemon supports plaintext logins - and there's
no guarantee that -x is available in your telnet client implementation.

Also, disabling root logins was done back when telnetd was enabled in a
standard installation, so the defaults were picked with that in mind.
The fact that there may be a safe way to use telnet doesn't make it okay
to ignore that it's likely to be used unsafely.

For that matter, compare OpenSSH's choice to remove the 'none' cipher,
to prevent people from unsafely using a 'Secure Shell'.

-- 
David Maxwell, david@vex.net|david@maxwell.net --> Mastery of UNIX, like
mastery of language, offers real freedom. The price of freedom is always dear,
but there's no substitute. Personally, I'd rather pay for my freedom than live
in a bitmapped, pop-up-happy dungeon like NT. - Thomas Scoville