[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[SAGE] Re: [lopsa-tech] Remote Exploit Solaris telnetd
- To: tech@lopsa.org, SAGE mailing list <sage-members@sage.org>
- Subject: [SAGE] Re: [lopsa-tech] Remote Exploit Solaris telnetd
- From: Phil Pennock <lopsa-tech@spodhuis.org>
- Date: Mon, 12 Feb 2007 23:01:08 -0800
- DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=first1; d=spodhuis.org;h=Received:Date:From:To:Subject:Message-ID:Mail-Followup-To:References:MIME-Version:Content-Type:Content-Disposition:In-Reply-To;b=LZGVHU7vvgqc9BmrOPAKYzJSEQ75gl9g00/MATG08lR+fs8N6Jn2avq7BM/l2neCV70H29hEIjgJFri7dP+0r7RzcETQu5tLBgwKewqJfyZdKvKHE5vFNoMhPBU0bGRbUCCGEgiHCWW9UVHXclc911TjfzQXP6wLt4x4K89JRyM=;
- In-Reply-To: <8B855371-D7E2-4B30-95CF-3FECBE625E8C@halligan.org>
- Mail-Followup-To: tech@lopsa.org, SAGE mailing list <sage-members@sage.org>
- References: <bb075cdf0702112022q16f1bd1erd05484a6d958ff06@mail.gmail.com> <8B855371-D7E2-4B30-95CF-3FECBE625E8C@halligan.org>
- Sender: owner-sage-members@usenix.org
On 2007-02-12 at 10:08 -0800, Michael T. Halligan wrote:
> 1989 called and they want their insecure, obsolete protocol back.
I just double-checked and Solaris's telnetd is one of those which
supports KerberosV, both authentication and encryption. As of Solaris
10.
Given that (TTBOMK) telnet clients which support Kerberos are more
widespread than SSH clients which do, multi-platform secure remote tty
access with central ability to shut down accounts (without having to
script together a pubkey management system), I'm not sure how it
qualifies as insecure. (Multiplatform is more than "openssh will run,
in some form")
So I think that the joke is what's obsolete. ;^)
-Phil, wanting PuTTY to accept one of the GSSAPI patches.
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/kerberos-gssapi.html