Date: Thu, 5 Mar 2015 18:17:32 +0300 From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: Benjamin Kaduk <bjkfbsd@gmail.com> Cc: "svn-src-head@freebsd.org" <svn-src-head@freebsd.org>, "svn-src-all@freebsd.org" <svn-src-all@freebsd.org>, "src-committers@freebsd.org" <src-committers@freebsd.org> Subject: Re: svn commit: r279603 - in head: bin/rcp usr.bin/rlogin usr.bin/rsh Message-ID: <20150305151732.GA48476@zxy.spb.ru> In-Reply-To: <CAJ5_RoBk=5C2%2BMktu_ODc7C%2BNraUhiSprtKd-=3bj%2Bb5UPT_1g@mail.gmail.com> References: <20150305123016.GO48476@zxy.spb.ru> <20150305123053.GN17947@FreeBSD.org> <20150305123349.GP48476@zxy.spb.ru> <20150305123548.GO17947@FreeBSD.org> <48981079-C9B7-411D-87A3-5A8F04924314@FreeBSD.org> <AEB33C6A-8824-4345-81E1-95280AB20CFA@FreeBSD.org> <20150305141334.GX48476@zxy.spb.ru> <63BD8258-D2C9-4C94-8A54-63AA104871D9@FreeBSD.org> <20150305144056.GY48476@zxy.spb.ru> <CAJ5_RoBk=5C2%2BMktu_ODc7C%2BNraUhiSprtKd-=3bj%2Bb5UPT_1g@mail.gmail.com>
index | next in thread | previous in thread | raw e-mail
On Thu, Mar 05, 2015 at 10:11:43AM -0500, Benjamin Kaduk wrote: > On Thu, Mar 5, 2015 at 9:40 AM, Slawa Olhovchenkov <slw@zxy.spb.ru> wrote: > > > On Thu, Mar 05, 2015 at 02:20:59PM +0000, David Chisnall wrote: > > > > > Does telnet come with a massive selection of options for insecure login > > / authentication? Yes. > > > > This is may right to use or not to use secure or not secure login / > > authentication. > > Also, I am use telnet login for check kerberos authentication (ssh > > kerberos authentication (SSO) broken 10 years ago. nobody care). > > > > Other people are covering the rest of the issues, so I will cover just this > one point. > > telnet with kerberos authentication was broken 15 years ago, by the EFF's > Deep Crack and its successors. Kerberized telnet supports only DES, which > has not been secure for a long time. The last I heard, $50 would buy you a > DES key brute-force with a day turnaround. > > Speaking as an upstream maintainer: don't use kerberized telnet. I am use this for test kerberos setup (check all setup correctly). > I use kerberized ssh all the time; please tell me more about how it is > broken (a new thread would be best). kerberized ssh broken in SSO mode: you can't do ssh login to kerberized host (from outside world), input kerberos password and use kerberos ticket. This is issuse between PAM and ssh thread emulation.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150305151732.GA48476>