[5750] in Kerberos
Re: encrypted-stream rsh and rcp???
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Aug 22 19:38:00 1995
To: *Hobbit* <hobbit@avian.org>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of "22 Aug 1995 15:16:03 EDT."
<41daso$98q@satisfied.apocalypse.org>
Date: Tue, 22 Aug 1995 19:28:17 EDT
From: Sam Hartman <hartmans@MIT.EDU>
A few points about encrypted and non-so-encrypted Kerberized
utilities:
* There is no krb4 version of an encrypting rsh I am aware of. Recent
releases of Athena (77-January and the new 7.7 patch release in use
here at MIT) will warn you that -x doesn't encrypt and will bomb out.
* All versions of MIT krb4, and thus likely many products that inherit
from this code *do not* mention that rsh -x doesn't encrypt. (They
accept that option so it can be passed along to rlogin) This means
that they silently accept the option but still pass the data in the
clear. This is unacceptable; the change in Athena behavior was made
after one of the Athena developers realized he had been transfering
important data unencrypted for years.
* I don't know about CNS.
* Krb5 rsh (at least beta-5--that's when I started working with
Kerberos) supports -x on rsh. Unfortunately, an active attack during
initial negotiation can cause an unencrypted stream, controlled by the
attacker, to be established.
* In general, rcp will either cleanly work or cleanly fail to work
when the -x option is specified; it does actually contain support for
encryption. Often, however, rshd sets up the path wrong so that the
non-Kerberized rcp is found and encrypted rcp fails.
i don't know of incompatabilities between different flavors of
Kerberos4 in terms of rcp.
--Sam
