[3119] in Kerberos
Re: Kerberos on terminal servers?
daemon@ATHENA.MIT.EDU (George Michaelson)
Sat Apr 16 02:15:42 1994
To: kerberos@MIT.EDU
Date: 15 Apr 1994 17:19:55 +1000
From: ggm@dingo.cc.uq.oz.au (George Michaelson)
dglo@manray.CS.Berkeley.EDU (Dave Glowacki) writes:
>Has anyone got a Kerberos solution for Annex boxes or other terminal servers?
>This *must* have been confronted and (hopefully) solved elsewhere, but Annex
>doesn't seem to have any good solution for us...
(1) Annex 8.0 does do kerberos calls from erpcd (its own RPC (encrypted)
login/authentication agent)
(2) Annex may well be stripped down 4.3like code and very unix-y but that
doesn't mean you or I can compile binaries of telnet and include them
into its set of known commands, and thus embed our OWN kerberized apps
in the T/S.
So (1) annex do a limited form of kerberized password check and (2) nobody
else is going to give you anything better but annex, and (3) it aint happening
soon.
Xyplex are kerberized direct on the terminal server, but for reasons I dont
understand they chuck away the ticket instead of using it for onward password-
less logins. They DO however permit password change of the t/s but do NOT
permit range-checks so you can get terribly insecure kerberos passwds as a
result (you can get size >= 6 but thats still bad)
-George
--
George Michaelson
G.Michaelson@cc.uq.oz.au The Prentice Centre | There's no market for
University of Queensland | hippos in Philadelphia
Phone: +61 7 365 4079 QLD Australia 4072 | -Bertold Brecht
