[1526] in Kerberos_V5_Development
Re: rlogin -x --> rlogin -noencryption
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Aug 9 09:07:54 1996
To: Sam Hartman <hartmans@MIT.EDU>
Cc: krbdev@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 09 Aug 1996 09:07:03 -0400
In-Reply-To: Sam Hartman's message of 08 Aug 1996 21:58:02 -0400
Sam Hartman <hartmans@mit.edu> writes:
> I have already done this for rsh. The client prints the
> message to STDERR, *only* if stderr is a tty. This is perhaps a bit
> less general than having a command line option to turn the message
> off, but rsh will not accept an unencrypted connection if told to make
> an encrypted connection, so it isn't really a security problem.
> Historical precident exists in Unix for making the behavior of
> commands be more friendly to scripts when the appropriate file
> descriptor is not a tty.
Hm. That still makes the use of rsh in a script non-invisible to the
person running the script. For rdist (if it keeps rsh connected to
the tty for stderr) it's not a problem, unless maybe the user is using
"quiet" mode.
> Or to run Beta 6; I was able to run stock rdist with no
> changes other than specifying a command-line option to use a script
> that invokes rsh with encryption enabled.
Ok, if it works, great. I don't actually use rdist often, I just
maintain Cygnus' copy of it for krb5. :-)
