[766] in Info-AFS_Redistribution
afs rlogind
daemon@ATHENA.MIT.EDU (Jamey Maze)
Wed May 13 13:54:48 1992
To: Info-AFS@transarc.com
Date: Wed, 13 May 92 12:51:48 -0400
From: Jamey Maze <jnm@ornl.gov>
It appears that the afs rlogind only obtains tickets when the user is
actually prompted for a password (e.g., when the user has no .rhosts file or
it is protected with mode 664). But that seems to defeat some of the primary
benefits of rlogin, e.g., users don't need to enter a password (ease of use)
and no cleartext passwords on the network. Should it be possible to design a
rlogin/rlogind that automatically fetches a token on the remote host without
requiring the user to enter a password? Would it be possible to do that
without compromising security? I suppose second-best would be to prompt for
a password, but not send a cleartext password over the network (ala MIT
rkinitd).
The afs versions of rsh and rcp don't prompt for a password, but appear to
have authenticated access. How are they different than rlogin?
--
Jamey Maze | Computing & Telecommunications Division
Oak Ridge National Lab | Advanced Technology Group
P.O. Box 2008, MS-6238 | Internet: jnm@ornl.gov
Oak Ridge, TN 37831-6238 | 615/574-6355, FAX 615/574-9646