From owner-freebsd-security Fri Sep 22 14:16:10 2000
Delivered-To: freebsd-security@freebsd.org
Received: from orthanc.ab.ca (207-167-15-66.dsl.worldgate.ca [207.167.15.66])
	by hub.freebsd.org (Postfix) with ESMTP id AEED537B422
	for ; Fri, 22 Sep 2000 14:16:06 -0700 (PDT)
Received: from orthanc.ab.ca (localhost [127.0.0.1])
	by orthanc.ab.ca (8.11.0.Beta3/8.11.0.Beta3) with ESMTP id e8MLG0117482;
	Fri, 22 Sep 2000 15:16:00 -0600 (MDT)
Message-Id: <200009222116.e8MLG0117482@orthanc.ab.ca>
To: Brett Glass
Cc: security@FreeBSD.ORG
Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?)
In-reply-to: Your message of "Fri, 22 Sep 2000 14:19:16 MDT." <4.3.2.7.2.20000922141517.00ddf570@localhost>
Date: Fri, 22 Sep 2000 15:16:00 -0600
From: Lyndon Nerenberg
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Brett" == Brett Glass writes:

    Brett> These are special cases, though! I think that you will
    Brett> agree that by default, on FreeBSD (as opposed to hubs,
    Brett> etc.), we should leave telnetd off. (The telnet
    Brett> application, on the other hand, might be run under certain
    Brett> circumstances.)

I have no problem with leaving them disabled. My issue is with
removing them altogether. Note that for rsh/rlogin it's very easy
to ship a default config where the secure (kerberized) versions
are enabled and the insecure ones are not.

    Brett> As for authentication: Kerberos, S/key, etc. are useful if
    Brett> one must use Telnet. But they're a lot harder to set up and
    Brett> use than SSH! (In the case of Kerberos, *much* harder.)

Kerberos is not *much* harder to set up. It's actually quite simple,
although somewhat tedious. What *is* a pain with Kerberos is the
thoroughly obtuse documentation it provides on how to set it up.

--lyndon


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
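An added example, not part of the original message or of FreeBSD: a small audit of an inetd.conf-style file that reports which of the cleartext services discussed in this thread (telnet, rsh, rlogin) are active and which Kerberized counterparts are active instead. The sample configuration, its paths and its flags are constructed for illustration; the service names are the standard /etc/services entries.

```python
# Cleartext remote-login services named in the thread, and the Kerberized
# rsh/rlogin service names registered in /etc/services.
CLEARTEXT = {"telnet", "shell", "login"}      # telnetd, rshd, rlogind
KERBERIZED = {"kshell", "klogin", "eklogin"}  # Kerberized rshd / rlogind

# Constructed sample in inetd.conf(5) layout; paths and flags are illustrative.
SAMPLE = """\
# service type proto wait user program args
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
#shell  stream tcp nowait root /usr/libexec/rshd    rshd
login   stream tcp nowait root /usr/libexec/rlogind rlogind
klogin  stream tcp nowait root /usr/libexec/rlogind rlogind -k
kshell  stream tcp nowait root /usr/libexec/rshd    rshd -k
ftp     stream tcp nowait root /usr/libexec/ftpd    ftpd -l
"""


def active_entries(text):
    """Yield (lineno, service) for every uncommented, well-formed entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank or disabled (commented-out) entry
        fields = line.split()
        if len(fields) < 6:
            continue  # not a complete service line
        # Drop an optional "address:" prefix and "/version" suffix.
        service = fields[0].rpartition(":")[2].split("/")[0]
        yield lineno, service


def audit(text):
    """Classify active entries as cleartext or Kerberized remote login."""
    findings = {"cleartext": [], "kerberized": []}
    for lineno, service in active_entries(text):
        if service in CLEARTEXT:
            findings["cleartext"].append((lineno, service))
        elif service in KERBERIZED:
            findings["kerberized"].append((lineno, service))
    return findings


if __name__ == "__main__":
    result = audit(SAMPLE)
    for lineno, service in result["cleartext"]:
        print(f"line {lineno}: cleartext service '{service}' is enabled")
    for lineno, service in result["kerberized"]:
        print(f"line {lineno}: kerberized service '{service}' is enabled")
```
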