[1525] in Kerberos_V5_Development
Re: rlogin -x --> rlogin -noencryption
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu Aug 8 21:58:24 1996
To: Ken Raeburn <raeburn@cygnus.com>
Cc: "Barry Jaspan" <bjaspan@MIT.EDU>, krbdev@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 08 Aug 1996 21:58:02 -0400
In-Reply-To: Ken Raeburn's message of 08 Aug 1996 18:18:05 -0400
>>>>> "Ken" == Ken Raeburn <raeburn@cygnus.com> writes:

Ken> On a related note, I'd like to see the "...using DES
Ken> encryption..." message printed by the client side rather
Ken> than the server side. (And maybe add a "not encrypting"
Ken> message if we're changing defaults -- or maybe just add it
Ken> anyways.) Then we can add yet another option to make it shut
Ken> up, for programs that want "rsh" to be a clean, non-intrusive
Ken> communications channel.

I have already done this for rsh. The client prints the
message to STDERR, *only* if stderr is a tty. This is perhaps a bit
less general than having a command line option to turn the message
off, but rsh will not accept an unencrypted connection if told to make
an encrypted connection, so it isn't really a security problem.
Historical precedent exists in Unix for making the behavior of
commands be more friendly to scripts when the appropriate file
descriptor is not a tty.

Ken> Something like this is needed for rdist. It uses rsh to make
Ken> the connection, and expects all the data it receives back to
Ken> be from rdistd, no random garbage from rshd. The solution
Ken> sent over the rdist-dev list was basically to disable the
Ken> encryption status banner on the server side, totally
Ken> independent of what application you might be running.

Or to run Beta 6; I was able to run stock rdist with no
changes other than specifying a command-line option to use a script
that invokes rsh with encryption enabled.

Ken> (Yes, it'd be nice to throw out rsh and use telnet for this
Ken> instead, but until the DO-RUN-COMMAND, DONT-USE-TTY,
Ken> DO-MULTIPLEX-IO-STREAMS telnet options are implemented, rsh
Ken> is what we're stuck with.)
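
The client-side behaviour described in the reply above (status message written to stderr only when it is a tty, and refusal to continue when encryption was requested but not obtained), sketched in C as an added example. This is not code from the message or from the Kerberos rsh source; the function names, enum and message wording are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical names throughout; not taken from the Kerberos rsh client. */
enum chan_mode { CHAN_CLEAR = 0, CHAN_ENCRYPTED = 1 };

/* Fail closed: if the user asked for encryption, anything else is an error.
 * Returns 0 if the session may proceed, -1 if it must be aborted.
 * Because of this check, hiding the banner never hides a downgrade. */
int enforce_mode(enum chan_mode requested, enum chan_mode negotiated)
{
    if (requested == CHAN_ENCRYPTED && negotiated != CHAN_ENCRYPTED)
        return -1;
    return 0;
}

/* Write the status banner to fd only when fd is a terminal, so a pipe read
 * by a caller such as rdist carries nothing but the remote command's data.
 * Returns bytes written, 0 if suppressed, -1 on write error.
 * The banner wording is constructed for this example. */
long announce_mode(int fd, enum chan_mode negotiated)
{
    const char *msg = (negotiated == CHAN_ENCRYPTED)
        ? "This rsh session is encrypting its data.\n"
        : "This rsh session is not encrypting its data.\n";

    if (!isatty(fd))
        return 0;
    return (long)write(fd, msg, strlen(msg));
}

int main(void)
{
    /* Constructed scenario: encryption requested and successfully negotiated. */
    enum chan_mode requested = CHAN_ENCRYPTED, negotiated = CHAN_ENCRYPTED;

    if (enforce_mode(requested, negotiated) != 0) {
        fprintf(stderr, "encryption requested but not negotiated; aborting\n");
        return 1;
    }
    announce_mode(STDERR_FILENO, negotiated);
    return 0;
}
```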