[2064] in Kerberos
Re: MacX and kerberos...
daemon@ATHENA.MIT.EDU (David C. Doherty)
Thu Jul 30 12:56:28 1992
Date: Thu, 30 Jul 1992 15:54:53 GMT
From: doherty@msc.edu (David C. Doherty)
Reply-To: doherty@msc.edu
To: kerberos@shelby.Stanford.EDU
In article <1992Jul30.142315.9840@ncsu.edu>, everette@ncsuvm.cc.ncsu.edu (Everette Allen) writes:
|> I need some help understanding the mechanics of the kerberos protocol as it
|> relates to the MacX Xwindows server. As I understand it MacX is not able to
|> querry Xdm as some other servers do. Instead, MacX users rsh to execute
|> individual commands. So I can fire up MacX and issue a:
|> /usr/local/X11/xterm -display "(display" and I will get an xterm alone which
|> lives and plays with my other mac windows. Enter Kerberos... on our system
|> rsh is not kerberized so I get "login incorrect" because, I think, the rsh
|> is not looking in the Hesiod database to verify my password. Is this correct?
|> If so where is the ftp archive for kerberized rshd (and ftpd, telnetd etc for
|> that matter) ?? Now the security issue. IF I understand, any time that a
|> Xserver passes a password *not a ticket* over the net it is insecure from a
|> standpoint of kerberos. Is this true?
As I understand things, yes this is true. Perhaps worse yet is that
(I'm guessing ) most people run MacX with access control turned OFF.
So, they can easily be snooped.
|> none of the ease :). Any help that I can get would be great. EVerette
I posted something similar to this in comp.sys.mac.apps a few weeks ago.
Response: Nada. Actually, I was wondering if future releases would
be able to handle Magic Cookies or at least xhost support.
I know that some of the MacX developers (used to?) read these groups,
and I would sure be really grateful if they'd give us some hints about
where they are going with MacX viz. security issues.
This stuff is really important. Is anyone from Apple listening?
Thanks,
David C. Doherty
Minnesota Supercomputer Center
doherty@msc.edu
