On Thu, Mar 05, 2015 at 10:11:43AM -0500, Benjamin Kaduk wrote: > On Thu, Mar 5, 2015 at 9:40 AM, Slawa Olhovchenkov <s...@zxy.spb.ru> wrote: > > > On Thu, Mar 05, 2015 at 02:20:59PM +0000, David Chisnall wrote: > > > > > Does telnet come with a massive selection of options for insecure login > > / authentication? Yes. > > > > This is may right to use or not to use secure or not secure login / > > authentication. > > Also, I am use telnet login for check kerberos authentication (ssh > > kerberos authentication (SSO) broken 10 years ago. nobody care). > > > > Other people are covering the rest of the issues, so I will cover just this > one point. > > telnet with kerberos authentication was broken 15 years ago, by the EFF's > Deep Crack and its successors. Kerberized telnet supports only DES, which > has not been secure for a long time. The last I heard, $50 would buy you a > DES key brute-force with a day turnaround. > > Speaking as an upstream maintainer: don't use kerberized telnet.
I am use this for test kerberos setup (check all setup correctly). > I use kerberized ssh all the time; please tell me more about how it is > broken (a new thread would be best). kerberized ssh broken in SSO mode: you can't do ssh login to kerberized host (from outside world), input kerberos password and use kerberos ticket. This is issuse between PAM and ssh thread emulation. _______________________________________________ svn-src-all@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
