[998] in Kerberos_V5_Development
Re: removing user-user authentication from rcp client
daemon@ATHENA.MIT.EDU (Donald T. Davis)
Mon Feb 5 22:44:41 1996
To: "Theodore Ts'o" <tytso@MIT.EDU>
Cc: krbdev@MIT.EDU, swick@x.org
In-Reply-To: Your message of "Mon, 05 Feb 1996 20:45:50 EST."
<9602060145.AA22798@dcl.MIT.EDU>
Date: Mon, 05 Feb 1996 22:47:29 -0500
From: "Donald T. Davis" <don@cam.ov.com>
> note that one of the real potential trouble spots with u2u is that
> you *do* need to have an access control list on the [x] client if mutual
> authentication is important. After all, if you're popping up a xterm
> with a shell prompt, you really want to make sure it ends up on the
> right X server..... <grin>
ted,
i agree that access-control becomes a big issue for u2u,
though it's no bigger for u2u-mediated services than for
srvtab-authenticated services. thanks for the explanation
of how rcp came to be messed up; such things are only to
be expected in a volunteer effort of such size.
-don davis
