tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: rshd...

> [...].  But I personally prefer the use of ktelnet and krlogin.

> Why?  Well, due to ssh's complexity, it is very difficult to debug
> problems when things go wrong.  You have a hard time even getting the
> real Kerberos error message out of ssh in a number of cases.

This is a quality-of-implementation issue, not anything inherent to
Kerberized ssh.

It's not clear whether you're talking about the protocol or the
particular implementation of it that NetBSD currently ships with.  If
the former, this is unjustified; if the latter, it's justified but
there is then, at least potentially, a third option, that being to use
some other implementation.  (What that `other implementation' might be
I don't know; the only other implementation I know anything significant
about is my own, and it currently has no Kerberos support.)

> Also, the whole thing about the ssh developers hating Kerberos for
> some strange reason doesn't really help things either.

This too is an implementation-specific issue.

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML      
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Home | Main Index | Thread Index | Old Index