[1875] in Kerberos-V5-bugs
Re: K5B5 on AIX 4.1.4
daemon@ATHENA.MIT.EDU (Barry Jaspan)
Tue Apr 16 10:47:54 1996
Date: Tue, 16 Apr 96 10:48:16 EDT
From: Barry Jaspan <bjaspan@MIT.EDU>
To: Sam Hartman <hartmans@MIT.EDU>
Cc: Doug Engert <DEEngert@anl.gov>, Theodore Ts'o <tytso@MIT.EDU>,
krb5-bugs@MIT.EDU
In-Reply-To: [1872]
Doug> The name of the krlogind was also changed, as well as its
Doug> options. I can see changing krlogin to rlogin but why
Doug> krlogind to klogind???
The reason the r was removed from the name has to do with what klogind
does if you don't give it any options. It takes the letters before
logind in the name, and treats them as options.
NO NO NO NO NO! WRONG! BAD DOG! BAD DOG!
I know I've expressed this opinion before, but I am right, and I am
not going to shut up about it.
Having krlogind base its behavior on "options" specified in the name
before "logind" is a total mistake. There is not one single good
reason for it, and there is an extremely good reason not to do it: it
is *VERY* confusing, totally unlike any other Unix daemon in the
world, and dangerous because it will inevitably result in
misconfigured krloginds that allow connections they shouldn't. The
very message that started this thread is an excellent example of how
confusing it can be. It is confusing even before you ask the next
logical question: how do options specified in the name and options
specified on the command line interact? There is no good answer to
that question that is understandable and rememberable to normal
people.
I think I understand the appeal of this design to hackers. It seems
clever, fun, and a neat generalization on the idea that "krlogind" and
"ekrlogind" differ in their encryption behavior. However, it is
totally non-sensical to people that are not hackers and, Guess What!,
most people that would like to use Kerberos are not.
Command line options are the traditional means of passing arguments to
programs. inetd supports passing arguments on any platform worth
considering (and if it doesn't, someone using that platform can write
a one-line shell script to re-implement this behavior in a way that
will make sense to them).
I *GUARANTEE* that if you leave this functionality in, it will
eventually be a security hole in at least one important site and an
embarrassment for Kerberos and the MIT development team.
Barry
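
The misconfiguration risk argued about in this message can be checked for mechanically. The following is an added example, not part of the original message or of the Kerberos distribution: it scans inetd.conf text for *logind entries started with no command-line options, which per the explanation quoted above is the case where the letters before "logind" are treated as options. The sample file, its paths and flags are constructed, and the function name is hypothetical.

```python
import os

# Constructed inetd.conf sample; paths and flags are placeholders that the
# checker does not interpret. They are not taken from the thread.
SAMPLE = """\
klogin  stream tcp nowait root /usr/local/sbin/klogind klogind -k -c
eklogin stream tcp nowait root /usr/local/sbin/klogind eklogind
login   stream tcp nowait root /usr/local/sbin/klogind krlogind
# klogin stream tcp nowait root /usr/local/sbin/klogind klogind
ftp     stream tcp nowait root /usr/local/sbin/ftpd ftpd -a
"""

def name_derived_options(conf_text, suffix="logind"):
    """Return (line, service, argv0, prefix) for every entry that gives the
    daemon no explicit options, so its behaviour would come from its name."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split columns
        if len(fields) < 6:
            continue                            # blank, comment or malformed
        service, server = fields[0], fields[5]
        # Column 7 onward is the argument vector, starting with argv[0].
        # Assumption: if it is missing, the server path stands in for argv[0].
        argv = fields[6:] or [server]
        argv0 = os.path.basename(argv[0])
        if not argv0.endswith(suffix):
            continue                            # not a *logind daemon
        if any(arg.startswith("-") for arg in argv[1:]):
            continue                            # options are stated explicitly
        findings.append((lineno, service, argv0, argv0[: -len(suffix)]))
    return findings

if __name__ == "__main__":
    for lineno, service, argv0, prefix in name_derived_options(SAMPLE):
        print(f"line {lineno}: {service} runs {argv0} with no options; "
              f"behaviour comes from name prefix {prefix!r}")
```

Each reported entry is one where an administrator reading the configuration cannot see the daemon's effective options without knowing the naming rule.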