[7174] in Kerberos
Re: rkinit
daemon@ATHENA.MIT.EDU (Richard Basch)
Tue Apr 30 20:18:36 1996
Date: Tue, 30 Apr 1996 19:56:26 -0400
To: jrd@bu.edu
Cc: kerberos@MIT.EDU
In-Reply-To: <4m5kr4$q2k@news.bu.edu>
From: "Richard Basch" <basch@lehman.com>
On , 30-April-1996, "Jim Doyle" wrote to "kerberos@MIT.EDU" saying:
> Are there any compelling reasons NOT to deploy and use the rkinit
> facility in a V4 cell?
>
> We are considering supporting this as a standard machine service
> for users that like to use rlogin/rsh/etc but are also need to
> have a valid AFS PAG for filesystem work.
Depending on how seamless you want to be able to rlogin into other
machines, it turns out that the IP address information encrypted in the
Kerberos credential is not checked by AFS. In other words, you could
forward your afs ticket (hopefully encrypted in the rlogin or some other
session key) to the remote side, and then stuff that into the kernel,
using the appropriate pioctl() on behalf of the user. It does alleviate
the user having to retype their password merely to issue an rlogin
command.
--
Richard Basch
Sr. Developer/Analyst URL: http://web.mit.edu/basch/www/home.html
Lehman Brothers, Inc. Email: basch@lehman.com, basch@mit.edu
101 Hudson St., 33rd Floor Fax: +1-201-524-5828
Jersey City, NJ 07302-3988 Voice: +1-201-524-5049
