[5811] in Kerberos


Re: encrypted-stream rsh and rcp???

daemon@ATHENA.MIT.EDU (Dan Lanciani)
Thu Aug 31 21:04:08 1995

To: kerberos@MIT.EDU
Date: 31 Aug 95 22:56:17 GMT
From: ddl@harvard.edu (Dan Lanciani)

In article <41fg6k$foa@satisfied.apocalypse.org>, hobbit@avian.org (*Hobbit*) writes:
| Sam mentions:
| 
|    * All versions of MIT krb4, and thus likely many products that inherit
|    from this code *do not* mention that rsh -x doesn't encrypt.  (They
|    accept that option so it can be passed along to rlogin)  This means
|    that they silently accept the option but still pass the data in the
|    clear.

This is certainly true.

| This is one of the problems I'm running into with BSDI rcp, too -- which comes
| from the old kerberosIV base that MarkE mentioned.  This particular hunk of
| code does a mutual sendauth, but then never does anything with the session
| key and apparently does straight read() and write() on the connection.

This is confusing.  I'm only familiar with one Kerberos IV base and I
believe it to be the original.  It did indeed support encrypted rcp
at least in the version of rcp.c that it included.  As I recall,
there were conditional #defines for des_read() and des_read().  This
made the code a little hard to read and it was somewhat tricky moving
the support into other versions of rcp.  (I know it was the hardest
application to handle when I did DOS & OS/2 versions.)  Perhaps whoever
did the BSDI port simply missed the read/write substitution when adding
the Kerberos code to their version of rcp?  Or perhaps it was left out
to allow export of the binary product?

				Dan Lanciani
				ddl@harvard.*
