[4336] in Kerberos
Re: request for commentary on krb IV server mod
daemon@ATHENA.MIT.EDU (Daniel G. Pouzzner)
Tue Dec 13 19:01:22 1994
Date: Tue, 13 Dec 1994 16:44:09 -0500
From: "Daniel G. Pouzzner" <douzzer@ladyday.mit.edu>
To: kerberos@MIT.EDU
Thanks for the comments. In the end, I have decided to ignore
addresses, but only for principals with null instances. This should
avoid unnecessary hassle while at the same time avoiding unnecessary
security concerns. Additionally, I enhanced the klog messages so that
address differences are noted there when they occur.
To clarify how I've implemented this: our rlogin and telnet have a
bourne shell front end which determines if it is viable to bother
trying to forward the tgt and Xauthority file, and if it is, do so
using rcp -x. rsh skips the Xauthority part and only forwards the tgt.
On the other end, /bin/login and kshd know where to expect the
forwarded tgt to appear. At some point when I have the time, I'll
integrate this exchange into the binaries, but meantime things work
fine and the concept is, for us, a proven one.
-Daniel
