[3551] in testers
sun4 [8.2.0]: kerberized rsh
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Fri Jun 5 23:02:48 1998
Date: Fri, 5 Jun 1998 23:02:46 -0400 (EDT)
To: testers@MIT.EDU
Cc: ops@MIT.EDU
From: Jonathon Weiss <jweiss@MIT.EDU>
System name: speaker-for-the-dead.mit.edu
Type and version: Ultra-1 8.2.0
Display type: ffb
What were you trying to do?
rsh to a bunch of servers as root
What went wrong?
some machines reported errors using k5 rsh that should have
allowed it. (they did fall back to k4 properly tho.)
Yo, got any documentation, or other info?
This appears to affect machines that are running 8.1 and have a patch
level <= 13 (although the only machine I know I tested were 8.1.9,
8.1.11 or 8.1.13. I tried at least one 8.1.14 machine where k5 rsh
worked. In all cases, the rsh client was running on this machine.
The server machine syslogged:
Jun 5 22:54:14 finch kshd[5572]: Principal jweiss/root@ATHENA.MIT.EDU (jweiss@SPEAKER-FOR-THE-DEAD.MIT.EDU) for local user root failed krb5_kuserok.
Jun 5 22:54:14 finch kshd[5572]: kshd: Permission denied.
This is intended as mostly informational, since it appears that the
bug was in 8.1 and already fixed, but I figured other people might
notice.
ops: I suspect that creating a .k5login or somethign would solve the
probalem, but since rsh falls back to k4, and I want to update most of
these machines to 8.1.18 to eliminate the 248 day bug, I don;t think
we want to bother.
