Red Hat Bugzilla – Bug 167535
Require encryption for ktelnetd
Last modified: 2007-11-30 17:11:13 EST
Description of problem:
One of the new features of MIT Kerberos v1.4 is the ability to *require* a
kerberos encrypted telnet sessions. Previously this was not possible with ktelnetd.
Please enable this by default in the xinetd config file for ktelnetd.
server_args = -e
This will bring the default Fedora config of ktelnetd in sync with kshd.
Thinking about this more, I have a different proposal that extends how klogin is
Today there are two xinetd config files for klogind.
/etc/xinet.d/eklogin (requires encryption with the -e switch)
This way you can chkconfig on which ever one you want. A reasonable and sound
I propose this same scheme be extended to ktelnetd and kshell. So there exists:
/etc/xinet.d/ekrb5-telnet (requires encryption)
/etc/xinet.d/ekshell (requires encryption)
That sounds good to me. Adding to 1.4.2-3.
Hrm. I don't think I'm going to get behind changing the "kshell" service from
encrypted to unencrypted though. That sounds like a nasty surprise, no matter
how well documented it could be.