[23685] in Kerberos

home help back first fref pref prev next nref lref last post

Re: Novice: rsh computer date -> Permission denied. rsh: connection

daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Apr 8 17:03:14 2005

In-Reply-To: <1112969869.760166.287180@l41g2000cwc.googlegroups.com>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <cc1351ba4c9a38ca8ea23edc639050b5@mit.edu>
Content-Transfer-Encoding: 7bit
From: Ken Raeburn <raeburn@mit.edu>
Date: Fri, 8 Apr 2005 16:59:01 -0400
To: clusardi2k@aol.com
cc: kerberos@mit.edu
Errors-To: kerberos-bounces@mit.edu

On Apr 8, 2005, at 10:17, clusardi2k@aol.com wrote:
>   I have to be able to remotely execute a command from a SGI computer.
> The man page tells me that I'm using the Kerberos version of rsh.
>
>   On the remote (Red Hat Linux) host, I created a ~/.k5login file with
> the line:
>
>     clusardi@ONYX3900
>
>   I have an account on both machines called clusardi.
>
> On Onyx3900, this is what I do:
>
> %rsh remote_computer date
> Permission denied.
> rsh: connection failed
>
> Can you tell me specifcally what I need to do to get it to work?

If you've got Kerberos set up at your site, you should be putting 
something like "clusardi@<realmname>" in your .k5login file, or just 
don't create one.  You'll need to get Kerberos tickets too (run kinit, 
unless the login sequence gets you tickets automatically), and the 
server will need to be set up with a Kerberos key file.

If you're not actually using Kerberos, and don't want to, the Kerberos 
rsh command you're using -- if it's similar enough to the one MIT ships 
-- is probably trying Kerberos, reporting a failure, and then falling 
back to run the traditional Kerberos program.  If it's not, look for a 
program with a name like "rsh.ucb" or maybe "rsh" in a different 
directory, or check the man page for rsh for an option to turn off the 
use of Kerberos.  You'll also need to make sure the non-Kerberos rsh 
server is running on the remote computer; it may be disabled by 
default, since it's not a very safe thing to enable in many 
environments.  If you use this approach, then .rhosts, not .k5login, is 
the file you should be creating, and it should use the hostname as you 
have done.

Ken

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

home help back first fref pref prev next nref lref last post