[5763] in Kerberos
encrypted-stream rsh and rcp???
daemon@ATHENA.MIT.EDU (*Hobbit*)
Wed Aug 23 11:25:03 1995
To: kerberos@MIT.EDU
Date: 23 Aug 1995 10:57:44 EDT
From: *Hobbit* <hobbit@avian.org>

Sam mentions:

   * All versions of MIT krb4, and thus likely many products that inherit
   from this code *do not* mention that rsh -x doesn't encrypt. (They
   accept that option so it can be passed along to rlogin) This means
   that they silently accept the option but still pass the data in the
   clear.

This is one of the problems I'm running into with BSDI rcp, too -- which comes
from the old kerberosIV base that MarkE mentioned. This particular hunk of
code does a mutual sendauth, but then never does anything with the session
key and apparently does straight read() and write() on the connection.
I wonder if they realize this???

These two source tree families [cns vs. xxxBSD] are *so* different...

_H*
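
Added example, not part of the original message and not code from krb4, CNS or BSDI: a fail-closed gate that a client could run after authentication and before the first write(), so that a requested -x is refused rather than silently sent in the clear. The struct, enum and function names are hypothetical, and the argv and session values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical session state; none of these names come from a real source tree. */
struct session {
    int want_encrypt;     /* user passed -x */
    int have_session_key; /* mutual authentication produced a session key */
    int stream_keyed;     /* the transport was actually set up with that key */
};

enum verdict { SEND_CLEAR, SEND_ENCRYPTED, REFUSE };

/* Record -x in the session instead of parsing and discarding it. */
void parse_args(int argc, const char *const argv[], struct session *s) {
    for (int i = 1; i < argc; i++)
        if (strcmp(argv[i], "-x") == 0)
            s->want_encrypt = 1;
}

/* The behaviour the message describes: option and key are both ignored. */
enum verdict legacy_gate(const struct session *s) {
    (void)s;
    return SEND_CLEAR;
}

/* Fail closed: if -x was requested, data may flow only over a keyed stream. */
enum verdict strict_gate(const struct session *s) {
    if (!s->want_encrypt)
        return SEND_CLEAR;
    if (!s->have_session_key || !s->stream_keyed) {
        fprintf(stderr, "-x requested but stream is not encrypted; refusing\n");
        return REFUSE;
    }
    return SEND_ENCRYPTED;
}

int main(void) {
    /* Constructed input: authenticated, key present, key never applied. */
    const char *const argv[] = { "rsh", "-x", "host", "date" };
    struct session s = { 0, 1, 0 };
    parse_args(4, argv, &s);
    printf("legacy=%d strict=%d\n", legacy_gate(&s), strict_gate(&s));
    return 0;
}
```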