[928] in Kerberos
Re: login authentication
daemon@ATHENA.MIT.EDU (Jon A. Rochlis)
Fri May 4 13:39:27 1990
From: jon@MIT.EDU (Jon A. Rochlis)
To: Greg Wohletz <greg%duke.cs.unlv.edu@RELAY.CS.NET>
Cc: kerberos@MIT.EDU
In-Reply-To: Your message of Thu, 03 May 90 14:13:45 -0700.
Date: Fri, 04 May 90 13:26:41 EDT
>In login.c is the following comment:
> ---
>shouldn't login be able to do mutual authentication and avoid this problem?
>Or am I missing something?
Stan Zanarotti (srz@athena.mit.edu) sent me a patch to login.c that
does just this - tries to get a rcmd ticket for the machine you are
about to login to and has the machine decrypt it - so if he will permit
I can pass it on to you; or maybe he has sent it to you himself
already...
That is a fine solution, if you have a place to store the secret (the
rcmd srvtab). It doesn't work on "public" workstations ... the
Athena theory is that if you are physically in front of a machine it's
yours anyway, so you might as well let anybody log in. Such machines
don't offer network services.
-- Jon
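
The check discussed in this message, as an added sketch that is not Stan Zanarotti's patch and not code from login.c: login asks the KDC for a ticket for the local rcmd service and accepts the KDC only if that ticket verifies under the key in the host's srvtab. Assumptions: the names `KDC`, `seal`, `unseal`, `login_verify` and the host `ws1` are hypothetical, and an HMAC-SHA256 tag stands in for the ticket encryption that Kerberos actually uses.

```python
import hashlib
import hmac
import json
import os


def seal(key, fields):
    """Toy ticket: JSON body prefixed with an HMAC tag under the service key."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def unseal(key, blob):
    """Return the ticket fields, or None if the tag does not match this key."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    return json.loads(body) if hmac.compare_digest(tag, expected) else None


class KDC:
    """Issues tickets sealed under whatever service keys it holds."""

    def __init__(self, service_keys):
        self.service_keys = service_keys

    def issue(self, client, service):
        key = self.service_keys.get(service)
        return seal(key, {"client": client, "service": service}) if key else None


def login_verify(kdc, user, host, srvtab_key):
    """Decide whether the KDC that answered this login knows the host's key."""
    if srvtab_key is None:
        return "unverified"  # public workstation: no stored secret to check against
    service = "rcmd." + host
    ticket = kdc.issue(user, service)
    fields = unseal(srvtab_key, ticket) if ticket else None
    if fields and fields["client"] == user and fields["service"] == service:
        return "verified"
    return "rejected"


if __name__ == "__main__":
    host_key = os.urandom(32)  # constructed sample key, shared by host and real KDC
    real = KDC({"rcmd.ws1": host_key})
    other = KDC({"rcmd.ws1": os.urandom(32)})  # answers, but lacks the host key
    print(login_verify(real, "greg", "ws1", host_key))   # srvtab present, real KDC
    print(login_verify(other, "greg", "ws1", host_key))  # srvtab present, wrong key
    print(login_verify(real, "greg", "ws1", None))       # no srvtab on this machine
```

The third case is the public-workstation situation described above: without a srvtab there is nothing for login to check the ticket against.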