[1210] in Kerberos
Re: Kerberized clients and servers
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Thu Jan 24 00:11:50 1991
From: jon@MIT.EDU (Jon A. Rochlis)
To: john@iastate.edu (Hascall John Paul)
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of 23 Jan 91 05:41:26 +0000.
Date: Wed, 23 Jan 91 23:29:17 EST
Telnet just uses /bin/login, so if that is kerberized then so is
telnet.
No, no, no. If you just get login then you will still be typing a
password in the clear. You need to change telnetd/rlogind to decode a
kerberos ticket, check authorization and call a modified login which
won't then ask for a password.
MIT distributes a modified rlogin(d) and login with the standard
Kerberos distribution. It's been there as long as we have been giving
away Kerberos.
If you are just talking about getting tickets when one logs in, then login
can indeed be usually modified to do this, but that was not the
original question (I think).
I suppose a new telnet option to pass authentication data
would be an interesting idea...
We have a telnet/telnetd that works with V4 and V5 and which may well
be distributed as part of 4.4BSD and V5 Kerberos. It has come out of
some IETF work done on authentication and encryption in telnet.
-- Jon
