[2494] in Kerberos_V5_Development
Re: krb5-appl/38: krb5-beta7: "-n" flag to FTP should disable GSS-API authentication
daemon@ATHENA.MIT.EDU (Sam Hartman)
Fri Aug 29 10:46:13 1997
Date: Fri, 29 Aug 1997 10:44:17 -0400 (EDT)
From: Sam Hartman <hartmans@MIT.EDU>
To: Tom Yu <tlyu@MIT.EDU>,
"Jonathan I. Kamens"
<jik@annex-1-slip-jik.cam.ov.com>
Cc: krbdev@MIT.EDU
Reply-To: hartmans@MIT.EDU, krb5-bugs@MIT.EDU, tlyu@MIT.EDU, krbdev@MIT.EDU
`Sam Hartman' changed the state to `feedback'.
State-Changed-From-To: closed-feedback
State-Changed-By: hartmans
State-Changed-When: Fri Aug 29 10:32:12 1997
State-Changed-Why:
To remind people about what this issue concernns, the -n
flag to ftp would still perform GSS authentication when the user
command is issued before this PR was fixed. Jik's justification for
choosing to fix the PR this way was because he thought the behavior in
the man page rather than the code was correct.
I argue that this is wrong for two reasons. In a non-GSS ftp,
the -n flag serves to supress the initial prompt for a username and
thus the initial prompt for a password. When the user command is
eventually issues, the password prompt is issued. Just so, I argue
that when the user command is eventually issued to GSSftp, it should
perform GSS authentication. Secondly, this breaks ange-ftp.
If you want a flag to supress GSS, that is reasonable, but it should not be -0n.
I believe I convinced tlyu that reverting this patch would be
reasonable a few months ago, but before going ahead ad doing it, I
thought I would check for reaction.
