[974] in Kerberos_V5_Development
Proposed rlogind option reorg
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jan 23 02:19:04 1996
To: krbdev@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 23 Jan 1996 02:18:57 -0500
Today, I ran into a significant problem getting krlogind to do
what I wanted because of the broken option handling. I exchanged
several zephyrs with Barry, and had a discussion with Tom and Mark
after the SIPB meeting.
Anyway, out of this discussion came a new structure for the
option handling. I decided to seek input from the newsgroup to see if
this will break anyone, and if anyone can think of ideas why this
shouldn't be done.
The one option I do not mention in the post is the -c option
to krshd apnd krlogind that will require v5 connections be checksumed
as discussed previously in this meeting.
note that you can still use krlogind -45c
and that this is suceptible to replay attacks on the v4 connections,
but requires checksumed v5 connections.
I saw no good reason to add additional
code to prevent people from trying to shoot themselves
in the foot.
--Sam
