[97] in Release_7.7_team

Re: Warning: No Kerberos tickets obtained.

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sun Jun 5 07:53:05 1994

Date: Sun, 5 Jun 94 07:51:41 EDT
From: tytso@MIT.EDU (Theodore Ts'o)
To: brlewis@MIT.EDU
Cc: jon@cam.ov.com, release-77@MIT.EDU, athena-ws@MIT.EDU
In-Reply-To: brlewis@MIT.EDU's message of Fri, 3 Jun 94 12:58:24 -0400,
	<9406031658.AA05184@joy.MIT.EDU>

   From: brlewis@MIT.EDU
   Date: Fri, 3 Jun 94 12:58:24 -0400

      Date: Fri, 03 Jun 1994 10:30:09 -0400
      From: "Jon A. Rochlis" <jon@cam.ov.com>

      Bruce, 

      Pass this along if you like.

      While the users will like the prompt for tickets, it sort of negates
      the whole point of a Kerberos telnet, unless the session is encrypted.
      If encryption is the default it makes sense, but otherwise it bothers
      me.

   Yes, this should only be done when using encryption.  On Unix,
   documentation should tell people to use -a -x (authentication and
   encryption).  Users shouldn't be told to use -a without using -x.  I
   don't know what the default is on Mac ktelnet, or on the Windows ktelnet
   currently under development at some other school.

This bothers me too, for the same reason that Jon mentioned.  

I'd suggest changing telnetd (and rlogind) to set an environment
variable if the connection is encrypted, and change the patch to cshrc
so that it only attempts the kinit if the environment indicating an
encrypted connection is set.

Having a standardized environment variable that means that you're
working with an encrypted connection is a good idea in any case.  Say,
something like "LOGIN_SESSION", which can be set to either "local",
"remote", or "secure"?  If the LOGIN_SESSION environment variable is not
set, programs should assume "remote".

						- Ted
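
The gating proposed in the message above, sketched as an added example in POSIX sh (it is not code from the original thread, which discusses a cshrc patch). The function names and the KINIT_CMD override are hypothetical, and treating unrecognized LOGIN_SESSION values as "remote" is an assumption that extends the stated default for an unset variable.

```shell
#!/bin/sh
# Added illustration of the LOGIN_SESSION proposal; names are hypothetical.

# Normalize LOGIN_SESSION to one of: local, remote, secure.
# Unset -> "remote" (as proposed in the message). Empty, misspelled or
# differently-cased values also map to "remote" (assumption: fail closed).
login_session_class() {
    case "${LOGIN_SESSION-}" in
        local|remote|secure) printf '%s\n' "$LOGIN_SESSION" ;;
        *)                   printf 'remote\n' ;;
    esac
}

# Exit status 0 only when the session is marked as encrypted, i.e. a
# password typed at a prompt would not cross the network in the clear.
may_prompt_for_tickets() {
    [ "$(login_session_class)" = "secure" ]
}

# Login-script hook: run the ticket command only on a "secure" session.
# KINIT_CMD is a hypothetical override so the hook can be exercised
# without a KDC; it defaults to plain kinit.
obtain_tickets_if_safe() {
    if may_prompt_for_tickets; then
        ${KINIT_CMD:-kinit}
    else
        # Skipping is not an error for a login script, so return 0.
        echo "Skipping Kerberos password prompt: session is $(login_session_class)." >&2
        return 0
    fi
}
```

A login script would source this file and call obtain_tickets_if_safe; telnetd or rlogind would be responsible for exporting LOGIN_SESSION before the shell starts.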
