[675] in Kerberos
Re: "kerberized" rlogin
daemon@TELECOM.MIT.EDU (Dan Kolkowitz)
Mon Mar 27 12:57:44 1989
From: kolk@ATHENA.MIT.EDU (Dan Kolkowitz)
To: kerberos@ATHENA.MIT.EDU
I'm having trouble getting the "kerberized" rlogin to function
between two of our systems. I'm able to obtain a ticket granting
ticket from the server, but when I try to make use of it with rlogin,
I get:
rcmd: socket: Permission denied
rlogin: Kerberos rcmd failed: rcmd protocol failure.
trying normal rlogin (/usr/ucb/rlogin.ucb)
What have I forgotten to do?
My bet is that you've forgotten to make rlogin setuid root (owned by root
and permission 4755, or something like that). rlogin cannot create a secure
socket since it is not running as root. This seems to be an example of
a clash between kerberos authentication and Unix authentication--the demand
for a secure socket number (between 512 and 1024) is rlogin's proof that
it is not a forged connection. Since the authentication of the user would
obviously supercede this check it seems to me that this requirement for
klogin could be removed (its always nice to get rid of another setuid program).
Dan
