Skip Menu |
 

From: rug <rug@usm.lmu.de>
Subject: Documentation__Retiring DES
Date: Tue, 24 Mar 2015 16:22:21 +0100
To: krb5-bugs@mit.edu
Hi to whom it may concern,

we widely use kerberized telnet as an easy access to our services. The krb5-appl package is really outdated and totally based on DES (it offers only 2 DES encryption method). We are in the process of using stronger keys and would like to know, if somebody gave telnet an update to use at least one strong key?

Bets regards,

Rudi Gabler
Download signature.asc
application/pgp-signature 495B

Message body not shown because it is not plain text.

From: Sam Hartman <hartmans@mit.edu>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #8158] Documentation__Retiring DES
Date: Tue, 24 Mar 2015 14:17:42 -0400
RT-Send-Cc:
Show quoted text
>>>>> "rug" == rug via RT <rt-comment@krbdev.mit.edu> writes:

Show quoted text
rug> Hi to whom it may concern, we widely use kerberized telnet as
rug> an easy access to our services. The krb5-appl package is really
rug> outdated and totally based on DES (it offers only 2 DES
rug> encryption method). We are in the process of using stronger
rug> keys and would like to know, if somebody gave telnet an update
rug> to use at least one strong key?

The krb5-appl telnet has not been updated and is unlikely to be updated.
I believe that Jeff Altman added support for Kerberos authentication to
some telnet distribution that had TLS support, and that may even be
securely bound into the authentication.
I don't know which product that was or whether that happened.
Most of the world is using RFC 4462 Kerberized Ssh at this point.