svn commit: r279603 - in head: bin/rcp usr.bin/rlogin usr.bin/rsh

Slawa Olhovchenkov slw at zxy.spb.ru
Thu Mar 5 15:17:36 UTC 2015


On Thu, Mar 05, 2015 at 10:11:43AM -0500, Benjamin Kaduk wrote:

> On Thu, Mar 5, 2015 at 9:40 AM, Slawa Olhovchenkov <slw at zxy.spb.ru> wrote:
> 
> > On Thu, Mar 05, 2015 at 02:20:59PM +0000, David Chisnall wrote:
> >
> > > Does telnet come with a massive selection of options for insecure login / authentication?  Yes.
> >
> > This is my right to use or not to use secure or not secure login /
> > authentication.
> > Also, I use telnet login to check kerberos authentication (ssh
> > kerberos authentication (SSO) was broken 10 years ago; nobody cares).
> >
> 
> Other people are covering the rest of the issues, so I will cover just this
> one point.
> 
> telnet with kerberos authentication was broken 15 years ago, by the EFF's
> Deep Crack and its successors.  Kerberized telnet supports only DES, which
> has not been secure for a long time.  The last I heard, $50 would buy you a
> DES key brute-force with a day turnaround.
> 
> Speaking as an upstream maintainer: don't use kerberized telnet.

I use this to test the kerberos setup (to check that everything is set up correctly).

> I use kerberized ssh all the time; please tell me more about how it is
> broken (a new thread would be best).

Kerberized ssh is broken in SSO mode: you can't ssh in to a
kerberized host (from the outside world), enter your kerberos password and use
the kerberos ticket.
This is an issue between PAM and ssh thread emulation.

