[4479] in testers
Re: Linux 8.4.4: Remote access burps
daemon@ATHENA.MIT.EDU (Greg Hudson)
Tue Jun 20 11:13:16 2000
Message-Id: <200006201513.LAA03861@small-gods.mit.edu>
To: "Christopher D. Beland" <beland@MIT.EDU>
cc: testers@MIT.EDU
In-Reply-To: Your message of "Tue, 20 Jun 2000 02:32:52 EDT."
<200006200632.CAA00971@No-Whammies.mit.edu>
Date: Tue, 20 Jun 2000 11:13:04 -0400
From: Greg Hudson <ghudson@MIT.EDU>
From what I can tell:
* FTP's krb5 support (via GSSAPI) doesn't deal properly if you
use a cname of the host you're FTPing to. That may be for
security reasons, since cname lookups are typically not
secure. (Of course, it makes no sense for Kerberos to
enforce a no-cnames policy in one mechanism of one
application and nowhere else, but lots of Kerberos makes no
sense.)
* FTP's krb4 support is exhibiting a bug which I thought I had
fixed in 8.4.3.
You also listed a problem where telnet from No-Whammies to itself
asked for a password. I need to know more detail here:
* How are you logged into No-Whammies when you notice this
behavior?
* What is the output of "klist -f" on No-Whammies when you
notice this behavior? (I need the "klist -f" output for the
shell you attempted the login from, not the shell you get
after typing your password.)
