[3355] in Kerberos-V5-bugs
krb5-appl/1112: rsh passing of -x breaks interoperability
daemon@ATHENA.MIT.EDU (darrenr@chiron.nabaus.com.au)
Tue May 21 21:47:42 2002
Resent-From: gnats@rt-11.mit.edu (GNATS Management)
Resent-To: krb5-unassigned@rt-11.mit.edu
Resent-Reply-To: krb5-bugs@mit.edu, darrenr@chiron.nabaus.com.au
Message-Id: <200205220145.LAA28940@chiron.rais.nabaus.com.au>
From: darrenr@chiron.nabaus.com.au
Reply-To: darrenr@chiron.nabaus.com.au
To: krb5-bugs@mit.edu
Cc: darrenr@chiron.nabaus.com.au
Errors-To: krb5-bugs-admin@mit.edu
Date: Wed, 22 May 2002 11:45:37 +1000 (EST)
>Number: 1112
>Category: krb5-appl
>Synopsis: rsh passing of -x breaks interoperability
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue May 21 21:46:00 EDT 2002
>Last-Modified:
>Originator: Darren Reed
>Organization:
Optimation
>Release: krb5-1.2.5
>Environment:
System: SunOS chiron 5.5.1 Generic_103640-34 sun4u sparc SUNW,Ultra-2
Architecture: sun4
>Description:
When you invoke the Kerberised version of rsh with the -x command line
parameter, it passes through "-x " at the front of the command line to
the daemon at the other end. If the other end is also a Kerberised
rsh daemon, the Kerberos session will get created but unless it understands
the "-x ", it will fail to invoke the "real command".
In this case we're working with Kerberos from another vendor and can
see their rshd running commands like this:
bash -c -x who
after executing rsh like this:
rsh -x remote who
Maybe if the docs added this line to the installation of BSD services:
ekshell stream tcp nowait root /usr/local/sbin/kshd kshd -k -c -A -x
and rsh connected to ekshell/tcp for encrypted sessions (-x) then it
would not need to pass -x like this ?
Since we have klogin/eklogin for rlogin, it's kind of curious why there
isn't the same for rsh.
>How-To-Repeat:
See above.
>Fix:
Current work around is to #if-0 out the code which prepends the -x to the
command string passed to the remote rsh daemon and add -x to rshd for kshell
service. Will also look at implementing above ideas and send patches if
felt of use. NOTE: no change to krshd is proposed so it should continue to
work with clients that send the -x and those that don't.
>Audit-Trail:
>Unformatted:
_______________________________________________
krb5-bugs mailing list
krb5-bugs@mit.edu
http://mailman.mit.edu/mailman/listinfo/krb5-bugs
