[1156] in Kerberos
Re: r commands
daemon@ATHENA.MIT.EDU (Abraham Lui)
Tue Nov 6 18:05:54 1990
Date: 5 Nov 90 20:29:16 GMT
From: abraham@hpindda.cup.hp.com (Abraham Lui)
To: kerberos@shelby.Stanford.EDU
Let's say you have two systems : A server (S) that offers the r services and
the other is the client (C) where you invoke the r services. The following
is the minimum you need to do:
On S -
1) Add an entry for "kshell" in /etc/services.
2) Add an entry for "kshell" in /etc/inetd.conf for the remsh daemon (kremshd),
an entry for "klogin" for the rlogin daemon (krlogind), and an entry for the
"eklogin" for the encrypted rlogin daemon (ekrlogind). See example in
the prototype directory that comes with the Kerberos software.
On C -
1) Add an entry for "kshell" in /etc/services.
On the kerberos database -
1) Use kdb_edit to add the principal:
rcmd.S.realm
2) Run ext_srvtab to extract service key for S:
ext_srvtab S
3) Securely move srvtab.S from the kerberos system to /etc/srvtab of S.
Notes:
1) The above steps assume that you follow the kerberos doc and set up S and C
correctly, including the /etc/krb.conf file, proper pricipals added to the
kerberos database etc.
2) The above steps allow a user to run the r services from C to S only. For
example, you can run rlogin from C to S, but not vice versa.
Good Luck!
Abraham
