Date: Fri, 22 Sep 2000 15:16:00 -0600 From: Lyndon Nerenberg <lyndon@orthanc.ab.ca> To: Brett Glass <brett@lariat.org> Cc: security@FreeBSD.ORG Subject: Re: sysinstall DOESN'T ASK, dangerous defaults! (Was: Re: wats so special about freeBSD?) Message-ID: <200009222116.e8MLG0117482@orthanc.ab.ca> In-Reply-To: Your message of "Fri, 22 Sep 2000 14:19:16 MDT." <4.3.2.7.2.20000922141517.00ddf570@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Brett" == Brett Glass <brett@lariat.org> writes:
Brett> These are special cases, though! I think that you will
Brett> agree that by default, on FreeBSD (as opposed to hubs,
Brett> etc.), we should leave telnetd off. (The telnet
Brett> application, on the other hand, might be run under certain
Brett> circumstances.)
I have no problem with leaving them disabled. My issue is with removing
them altogether.
Note that for rsh/rlogin it's very easy to ship a default config where
the secure (kerberized) versions are enabled and the insecure ones are
not.
Brett> As for authentication: Kerberos, S/key, etc. are useful if
Brett> one must use Telnet. But they're a lot harder to set up and
Brett> use than SSH! (In the case of Kerberos, *much* harder.)
Kerberos is not *much* harder to set up. It's actually quite simple,
although somewhat tedious. What *is* a pain with Kerberos is the
thoroughly obtuse documentation it provides on how to set it up.
--lyndon
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009222116.e8MLG0117482>