On Wed, 11 Nov 2015, Daniel Kalchev wrote:

>
> Perhaps a similar level of security could be achieved by “the old tools”
> if they were by default compiled with Kerberos. Although, this still
> requires building additional infrastructure.

The kerberized versions of the old tools are basically unsupported
upstream at this point.  Telnet is actively insecure, being limited to
single-DES; rlogin may be somewhat better but it's still not looking very
good.  ssh is better because it speaks GSS-API instead of raw Kerberos,
and can thus keep up with newer crypto automatically.

When I was working at MIT, I considered making a final release of the
krb5-appl distribution, so as to include in the release announcement that
they were not going to be supported further, but could not even bring
myself to do that.  They are not in Debian anymore, and I expect them to
dwindle from other distributions, too.

Let the "old tools" grow old and retire.

-Ben
_______________________________________________
freebsd-current@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-current