[894] in Kerberos
re: kerberos tickets and rlogin behavior
daemon@ATHENA.MIT.EDU (marc@ATHENA.MIT.EDU)
Wed Mar 28 14:20:41 1990
From: marc@ATHENA.MIT.EDU
To: John T Kohl <jtkohl@ATHENA.MIT.EDU>
Cc: buzz!nrh@bellcore.bellcore.com (Nathaniel Howard),
In-Reply-To: [893] in Kerberos
Reply-To: marc@MIT.EDU
>> In most cases, the user goes only ONE HOP, from the workstation to the
>> target machine, so there's not a problem.
>> Do I have this right? It seems a little limiting...
You are right. This is limiting. Often, I want to log into a remote
machine (only one hop) but I want to use Kerberized services from
there. So, someone at Athena wrote a program called rkinit which
allows you to securely get a ticket granting ticket on a remote
workstation. Without going through the details of the protocol, I
have a daemon in inetd.conf on my workstation. I type "rkinit
beeblebrox.mit.edu" from anywhere on campus, I get prompted for my
password and I have ktickets there. Then, I do a kerberized rlogin,
and, with a little dotfile hacking, I get a normal session including
kerberos in a secure way.
Marc
