[1530] in Kerberos_V5_Development
Re: rlogin -x --> rlogin -noencryption
daemon@ATHENA.MIT.EDU (Ken Raeburn)
Fri Aug 9 20:12:32 1996
To: "Barry Jaspan" <bjaspan@MIT.EDU>
Cc: hartmans@MIT.EDU, krbdev@MIT.EDU
From: Ken Raeburn <raeburn@cygnus.com>
Date: 09 Aug 1996 20:11:55 -0400
In-Reply-To: "Barry Jaspan"'s message of Fri, 9 Aug 96 18:17:30 -0400
"Barry Jaspan" <bjaspan@MIT.EDU> writes:
> I suppose that someone night be running krlogin on a slow machine in a
> non-interactive way such that the overhead of encryption could be a
> problem. So, we might as well leave it in, since it is already there.
> But the overwhelming majority of time (imho) encrption should be
> enabled, and that I think is what most people would expect. Also note
Not necessarily. For some sites the single-signon benefits of
Kerberos are far more important than the more obscure security
aspects. At such sites, the security may not need to be 100%, just
"pretty good", and the encryption may be considered a waste of cycles
they'd like to disable as site policy. It's not a policy *I'd* set,
but the customer may have a different point of view. And, for her
circumstances, she might even be right.
> There's no reason we *couldn't*, but there is a reason we *shouldn't*:
> it is just more options. There are too many options. This suggestion
> would replace one (-x) with thre (-x, -no_x, and a krb5.conf
> relation), and set up an option hierarchy that many users would find
> confusing.
I don't think it's that confusing. For one thing, *users* shouldn't
be worrying about krb5.conf settings. If it's very important to them,
they should specify it on the command line; I do. For another, the
way in which it's explained in the documentation will be much more
important than the (very simple and obvious, IMO) hierarchy.
> All this for a configuration decision that (and it is
> obvious that I think this now :-) should be made by the developers.
I think of it as a policy decision, and therefore object to the site
*not* being able to make it if they get prepackaged binaries. But as
you said, Cygnus can give sites the option even if MIT does not.
