[1528] in Kerberos_V5_Development


Re: rlogin -x --> rlogin -noencryption

daemon@ATHENA.MIT.EDU (Barry Jaspan)
Fri Aug 9 18:17:48 1996

Date: Fri, 9 Aug 96 18:17:30 -0400
From: "Barry Jaspan" <bjaspan@MIT.EDU>
To: raeburn@cygnus.com
Cc: hartmans@MIT.EDU, krbdev@MIT.EDU
In-Reply-To: <tx17mr9seoy.fsf@cygnus.com> (message from Ken Raeburn on 08 Aug
	1996 18:18:05 -0400)


   If the "right" way is so obvious, why provide any option to do
   otherwise?

Good question.  I wouldn't be horribly sad to see the option disappear
entirely; it would be one less thing to worry about and get wrong.

   And if there's a reason for providing the option, are you
   so sure that the default behavior is still "obviously" the same for
   all sites?

I suppose that someone might be running krlogin on a slow machine in a
non-interactive way such that the overhead of encryption could be a
problem.  So, we might as well leave it in, since it is already there.
But the overwhelming majority of time (imho) encryption should be
enabled, and that I think is what most people would expect.  Also note
that Kerberos authentication is almost worthless if the connection is
not encrypted (or integrity protected, but the code doesn't do that
currently) because authenticators can be trivially intercepted and
replayed, yet another reason encryption should always be on.

   There's no reason we couldn't have the compiled-in default be to
   enable encryption, which krb5.conf could override, and have
   command-line options override both.

There's no reason we *couldn't*, but there is a reason we *shouldn't*:
it is just more options.  There are too many options.  This suggestion
would replace one (-x) with three (-x, -no_x, and a krb5.conf
relation), and set up an option hierarchy that many users would find
confusing.  All this for a configuration decision that (and it is
obvious that I think this now :-) should be made by the developers.

   Also, the right defaults for forwarding tickets (also part of our
   patches) are not "obviously" the same for all sites.

I did not make any suggestions regarding the default state for ticket
forwarding.  (I personally believe that IP checking should be removed
from Kerberos, making ticket forwarding a much smaller issue, but
again that is a side point.)

Barry

