[999] in Kerberos_V5_Development

Re: removing user-user authentication from rcp client

daemon@ATHENA.MIT.EDU (Theodore Ts'o)
Tue Feb 6 00:24:38 1996

Date: Tue, 6 Feb 1996 00:24:33 -0500
From: Theodore Ts'o <tytso@MIT.EDU>
To: Clifford Neuman <bcn@ISI.EDU>
Cc: don@cam.ov.com, hartmans@MIT.EDU, don@cam.ov.com, krbdev@MIT.EDU,
        swick@x.org
In-Reply-To: Clifford Neuman's message of Mon, 5 Feb 1996 19:18:07 -0800,
	<199602060318.AA23931@darkstar.isi.edu>

   Date: Mon, 5 Feb 1996 19:18:07 -0800
   From: Clifford Neuman <bcn@ISI.EDU>

   Actually, I don't think the u2u stuff was done by Prasad.  He made
   some changes to code that was already part of the release, and I think
   added forwarding to some stuff.  I might be wrong, but I don't recall
   discussing the user to user stuff with him.

I'd have to check and make sure this code wasn't there before Prasad
started working on it, but I'm pretty sure Prasad's the one who added
the encryption option to rcp.  The problem was that you needed the
srvtab *anyway* because rsh required it for the initial authentication,
but because rsh then ran rcp as the user, and there was a desire for rcp
not to need to be setuid root, the way rcp obtained an encryption key
for the purposes of the encryption was to use a u2u exchange.

So in fact, the rcp -x was pretty broken in that it required both a
srvtab *and* a TGT on the server.  It's this fundamentally broken
architecture in the appl/bsd suite that was truly appalling.  Then
again, having rcp use rsh as a transport layer is also pretty poor; it's
one of the reasons why I think secure ftp has a much better
architecture.

							- Ted

