[5757] in Kerberos

Re: encrypted-stream rsh and rcp???

daemon@ATHENA.MIT.EDU (Mark W. Eichin)
Wed Aug 23 00:30:23 1995

Date: Tue, 22 Aug 95 17:32:58 -0400
From: "Mark W. Eichin" <eichin@cygnus.com>
To: *Hobbit* <hobbit@avian.org>
Cc: kerberos@MIT.EDU
In-Reply-To: "[5745] in Kerberos"

I'd assume that BSDi and *BSD used the same KerberosIV code hacked up
by Kevin Fall when he was still at CSRG. The code was never
contributed back to MIT (and it wasn't clear how well it worked in any
case.)

Note that "rcp -x" does *not* use "rsh -x" in the MIT release -- the
rcp authenticates directly to the rcp at the other end (which is why
rcp needs to be installed setuid to read the srvtab.)

Unfortunately, the MIT rsh code silently ignored the -x flag (as a
side effect of passing it through to rlogin -x if it was invoked
without a command) but CNS fixed this and prints an error
instead. (CNS/V4 does have some experimental code of our own, but
there was no demand for it, and it is disabled by default because it
isn't "finished" and some parts don't work.)

As for moving srvtabs -- rcp -x works fine, but more often we *don't*
move them. Our documentation doesn't even suggest using ext_srvtab but
recommends kadmin cpw, ksrvutil add, ksrvutil change, all of which can
be done locally on the machine being installed/secured.

			_Mark_ <eichin@cygnus.com>
			Cygnus Support
			Cygnus Network Security <network-security@cygnus.com>
			http://www.cygnus.com/data/cns/


   [5745]  daemon@ATHENA.MIT.EDU (*Hobbit*) Kerberos 08/22/95 16:15 (17 lines)
   Date: 22 Aug 1995 15:16:03 EDT
   From: *Hobbit* <hobbit@avian.org>

   Has there been any previous discussion of "rsh -x" and/or "rcp -x" here
   recently [I've been a bit out of touch]?  I'm hitting amazing version skew
   and overall lossage across CNS, BSDI, and Freebsd, and none of them seem able
   to talk to each other in an encrypted fashion.

   If it's been discussed in the past then whoever had answers please get in
   touch.  If it hasn't been discussed yet, then I hope to hell that people are
   NOT trusting the BSDI versions of either app to encrypt their data, because
   it doesn't appear to.  [How are *you* moving srvtabs around, eh?]

   General question -- is there any standard port for "ekshell"?!

   _H*
   --[5745]--
