[4062] in Athena Bugs


krb rlogin if not in /etc/passwd

daemon@ATHENA.MIT.EDU (Richard Basch)
Sat Jan 27 22:58:46 1990

Date: Sat, 27 Jan 90 22:58:21 -0500
To: geer@ATHENA.MIT.EDU
Cc: bugs@ATHENA.MIT.EDU, bug-new-dialup@ATHENA.MIT.EDU
In-Reply-To: Dan Geer's message of Tue, 23 Jan 90 10:38:12 -0500,
From: Richard Basch <probe@MIT.EDU>

  From: geer@ATHENA.MIT.EDU
  Date: Tue, 23 Jan 90 10:38:12 -0500
  Subject: Re: access to dialup?.mit.edu from rtpc 6.4r hosts

  1. with a preexisting ticket file, i cannot reach DIALUP1.MIT.EDU
     from my 6.4R rtpc

  2. if i kdestroy, i can

  protocol version failure?  failure of the fallback procedure?
  bogus login program on DIALUP1 and/or the release? implications
  for use of DIALUP?.MIT.EDU as telnet servers?

  --dan

  references:

  1. with a preexisting ticket file, i cannot reach DIALUP1.MIT.EDU
     from my 6.4R rtpc

     e40-342f-2% rlogin dialup1
     Password:
     Login incorrect
     login: geer
     Password:
     Login incorrect


  2. if i kdestroy, i can

     e40-008-7% kdestroy

     e40-008-7% rlogin dialup1
     rlogin: Kerberos rcmd failed: No ticket file (tf_util).
     trying normal rlogin (/usr/ucb/rlogin.ucb)
     Password:
     Last login: Tue Jan 23 10:27:51 from JASON.MIT.EDU
     Athena Workstation (VS3100) Version 6.4R Thu Jan 18 09:18:50 EST 1990


The problem is that the new Kerberos programs use /usr/etc/login.krb,
which is a program from the Kerberos distribution.  This version does
not do Hesiod lookups and dynamically add you to the password file.  I
realized that when it was installed, but it was also the only version
that supported encrypted remote logins.

The way I chose this one was that most people who set up machines for
remote access have it somewhat privatized, and most people are in their
local password files, so this is not a problem.  It is only a problem
for dialing into machines that allow remote access and do not have the
user in the password file, such as the dialup machines.  However, since
the dialup machines are running so much "unsupported" (at least not by
rel-eng) software, I did not really see this as an inconvenience; it
just means that they need one more change.

As a sidenote, I had planned on re-working Athena's changes into the
Kerberos version, and as a patch file that can easily be maintained from
release to release.  This was too much effort in the previous timeframe.

-Richard
