[7290] in Kerberos
Re: Kerberized RCP
daemon@ATHENA.MIT.EDU (Sam Hartman)
Thu May 16 01:46:30 1996
To: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)
Cc: kerberos@MIT.EDU
From: Sam Hartman <hartmans@MIT.EDU>
Date: 16 May 1996 01:29:49 -0400
In-Reply-To: jik@annex-1-slip-jik.cam.ov.com's message of 15 May 1996 05:58:58 GMT
>>>>> "Jonathan" == Jonathan Kamens <jik@annex-1-slip-jik.cam.ov.com> writes:
Jonathan> In article <199605141427.KAA10312@gza-client1.cam.ov.com>,
Jonathan> don@cam.ov.com (Donald T. Davis) writes:
Jonathan> |> you're describing a use of the "user-to-user" protocol.
Jonathan> Why do you say that this is u2u? Fred and Barney are
Jonathan> workstations, not users. Why wouldn't the standard
Jonathan> mechanism of rcp on Fred getting a service ticket for
Jonathan> host/Barney and Barney verifying that ticket from its
Jonathan> /etc/v5srvtab file work?
Don comes from a mind set that strongly believes that
workstations outside locked rooms should not have keytabs. As an
example, he stated that it would be a very bad idea for laptops to
have a keytab (besides the naming issue) because it is fairly easy to
gain physical access to a laptop.
We discussed the broken way that Rcp uses U2U previous to Beta
6. At that time, we also discussed what would be necessary to support
user-to-user authentication for kshd and klogind. Personally, I
think it would be fairly nice if Athena's access_on could enable kshd
and klogind in such a way that they could use a ticket cache of the
user running access_on to allow for secure connection to public
cluster machines.
This code has not been written yet, and MIT has not committed
to writing it. I think the concept is worth discussing and I
certainly think user-to-user could be much more utilized than it is
today. I also think that mindsets in the Kerberos community have
changed significantly since the original design of the protocol;
because every workstation with a non-trivial root password tends to
have a srvtab in the Kerberos environments I'm familiar with, u2u
loses much of its utility.
Jonathan> |> it seems that the kerberized rcmds use only u2u, so the remote host
Jonathan> |> has to have a tgt; they don't yet work correctly if the remote host
Jonathan> |> has a srvtab instead.
Jonathan> I'm not at all sure why you say that. I use krlogin,
Jonathan> krsh and krcp regularly to remote hosts with
Jonathan> /etc/v5srvtab files. As far as I know, krlogin, krsh
Jonathan> and krcp work *only* if the server host has a
Jonathan> /etc/v5srvtab file, and don't understand u2u at all (at
Jonathan> least, that was true as of V5 beta 4; I don't know if it
Jonathan> was significantly changed in V5 beta 5, although I doubt
Jonathan> it).
Jonathan> (Incidentally, although I wrote the above from the V5
Jonathan> perspective, it's equally true for V4.)