[1601] in Kerberos-V5-bugs


Re: krlogind doesn't support krb4 w/o rhosts

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Sat Aug 19 01:23:26 1995

Date: Sat, 19 Aug 1995 01:23:20 -0400
From: Theodore Ts'o <tytso@MIT.EDU>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
In-Reply-To: Sam Hartman's message of Sun, 13 Aug 1995 21:53:18 -0400,
	<199508140153.VAA19619@tertius.mit.edu>

   Date: Sun, 13 Aug 1995 21:53:18 -0400
   From: Sam Hartman <hartmans@MIT.EDU>

	   Kerberos 5 krlogind doesn't support using krb4 authentication
   without also enabling .rhosts.  This is a bug in two regards:

   1)  It makes debugging difficult as the normal krlogin program doesn't
   come in on a reserved port.

   2)  It's a security hole.

	   Unfortunately, any solution is going to have to change the
   meaning of the options, so I don't want to go off and implement this
   without getting ideas on how to be non-destructive.

Suggestion:  change the meaning of -k and -K to mean check .k5login *or*
.klogin, as appropriate, depending on whether the incoming
authentication was V4 based or V5 based.

						- Ted
