[7292] in Kerberos
Re: Kerberized RCP
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Thu May 16 07:04:59 1996
To: kerberos@MIT.EDU
Date: 16 May 1996 10:54:01 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)
After further investigation of the innards of the pre-beta-6 krcp code
and some private E-mail correspondence with Don Davis, I think I've
managed to figure out What Davis (and Sam Hartman, in the message to
which this is a response) were talking about when they mentioned the
"broken way that Rcp uses U2U previous to Beta 6."
The server side of a krcp connection does, in fact, obtain a ticket for
the user *when the user requests an encrypted rcp*. I was not aware of
this, and therefore the initial answer I posted in response to Jeff
Dietz's question was partially incorrect. In Dietz's example, Barney
will talk to the KDC *if and only if* he runs krcp with the "-x"
argument when he invokes it on Fred.
Davis' response to Dietz was also partially incorrect, because he
either (a) assumed that Dietz was using an encrypted connection when
his example said nothing about that, or (b) was under the impression
that krcp always gets a ticket from the KDC on the server side, when in
fact it only does so when an encrypted connection is requested.
Also, Davis' response to Dietz was somewhat removed from the question
at hand, because Deitz asked wht krcp *does* in its current form, and
what Davis described was what it *would do* it it were written
properly.
