[6519] in Kerberos
Request for input: proposed krshd and krlogind option reorganization
daemon@ATHENA.MIT.EDU (Sam Hartman)
Tue Jan 23 03:04:59 1996
To: kerberos@MIT.EDU
From: hartmans@MIT.EDU (Sam Hartman)
Date: 23 Jan 1996 02:42:18 -0500
-----BEGIN PGP SIGNED MESSAGE-----
This is a tentative proposal for a reorganization of command
line options to krlogind and krshd in the MIT Kerberos5 distribution.
I am seeking input from vendors and users before such a change is
implemented. It is almost certaint that a change will be made and
that this change will not be completely backwards compatible. Note
this is just a change in the command line options; there are no plans
to introduce non-backwards compatible changes into the over-the-wire
protocol--old clients will interoperate with new servers, and new
clients should interoperate with old servers.
First, there is serious discussion of dropping support for
.rhosts files in krlogind and krshd. It is not clear to me that the
MIT clients correctly take advantage of this feature, and it adds a
lot of complexity at a significant penalty in security when enabled.
Unless significant objections are raised, I will remove support for
requiring that a user present both valid Kerberos authentication and
rhosts authentication in the same session (-K -R under the current
options). This adds no additional security, significantly complicates
the code, and is confusing to users.
Now, for a description of the way things are now, so you can
appreciate why we are changing them. In this description, I only
present the krlogind options that are pertinent to this discussion;
krshd has similar options, and krlogind has other unrelated options we
do not plan to change.
- -x -e -X -e: Enable encryption.
- -K: Require Kerberos5 authentication
- -k -r: Require .rhosts, Kerberos4 or Kerberos5 authentication
- -R: Require .rhosts authentication.
First, note that you cannot require krb5 or krb4 without
allowing .rhosts; I view this as a bug. Also, there are too many
options to enable encryption; I have received several questions asking
what the difference is, when there is none.
I propose to change the meaning of the options so that they
permit an authentication system instead of requiring it. The only
case where it makes a difference is when more than one authentication
system is required; this is only possible when one of the two
authentication systems is .rhosts. (Note that you cannot supply both
krb5 and krb4 authentication in the same session.)
So, we propose the following options to select encryption and
authentication for krlogind and krshd:
- -e: enable encryption on krlogind, require it on krshd
- -5: Accept krb5 authentication
- -4: Accept krb4 authentication
- -r: Accept .rhosts authentication
- -k: Accept either krb5 or krb4 authentication
The last option is intended as a sort of compatibility option;
it is no different from including both -5 and -4 on the command line.
(People who use the ability of krlogind and krshd to examine their
name to find flags are more likely to wish to name programs klogind
than 54logind.) If we do choose to support .rhosts authentication,
the default name krlogind is installed as will be changed from
krlogind to klogind in order to supress .rhosts authentication by
default.
Note that the ability to require encryption on krshd is a new
feature not present in the Beta5 release.
- --Sam
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface
iQEVAwUBMQSRPkJYVPVo3rXRAQFxMgf+Pk0Fted7qEUSRWESjVqsiNjZxePdpazL
stYmba4icy6Fek1oXAbP1pyjIlkdcoGzqgAzFuLV5kqBys4VgHmJswvUWHUUqqOi
I4T16mlmXvTRzXpJnQN8hd7O5mEDOCpqHOplwFIIDG9bncXdfk+tXaIrXy9GEaJQ
biN3Xrps0W4fexJVyTkDB33oJutdNXqqbUVNDhXWnm1Z7DCycObdIM4jybeEKkdg
PRYyI1TTEkd/qxw0VGWooAW3Zt+14G0VGqe8rKRKt1+mquzCm2/IXrwJglaH7cXG
DoGuA5awyU+W+GvKtcpW+07s+1MjYaY2bruG/bUiU6k6VOIEfb4gSA==
=JWh/
-----END PGP SIGNATURE-----
