On Wed, 11 Nov 2015, Daniel Kalchev wrote:

> Perhaps similar level of security could be achieved by “the old tools”
> if they were by default compiled with Kerberos. Although, this still
> requires building additional infrastructure.

The kerberized versions of the old tools are basically unsupported
upstream at this point.  Telnet is actively insecure, being limited to
single-DES; rlogin may be somewhat better but it's still not looking very
good.  ssh is better because it speaks GSS-API instead of raw kerberos,
and can thus keeps up with newer crypto automatically.

When I was working at MIT, I considered making a final release of the
krb5-appl distribution, so as to include in the release announcement that
they were not going to be supported further, but could not even bring
myself to do that.  They are not in Debian anymore, and I expect them to
dwindle from other distributions, too.

Let the "old tools" grow old and retire.

freebsd-current@freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"

Reply via email to