From owner-freebsd-net Mon Mar 15 10:10:22 1999
Date: Mon, 15 Mar 1999 19:06:20 +0100
From: Gerald Heinig
Subject: Re: Running superuser scripts remotely
To: Garrett Wollman
Cc: "FreeBSD-Net (FreeBSD.Org) List"
Message-id: <36ED4C1C.C4F71A49@hdz-ima.rwth-aachen.de>
Organization: Informatik im Maschinenbau / Hochschuldidaktisches Zentrum, RWTH Aachen
References: <36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de> <199903151535.KAA26142@khavrinen.lcs.mit.edu>

Garrett Wollman wrote:
>
> < said:
>
> > I used rsh with kerberos authentication on my two machines at home, just
> > for fun. The transmissions don't get encrypted, which might not be
> > enough for you, but it would prevent the wrong people doing stuff on
> > your machine remotely.
>
> `rsh -x' is your friend.... I use it all the time (as well as its
> cousin `rcp -x').

You're right :-) It's quite a while since I did this and all I can
remember is that one of the commands refused to encrypt the
transmission. I can't even remember if I managed to sort that one out,
after all, it's not *really* necessary on a private domestic network...
:-) :-)

>
> However, Kerberos is a bit much to be setting up for an individual
> workstation -- it really only makes sense in environments like ours
> where you have O(1000) machines and users. (That said, many of our
> groups these days can't be bothered to set up Kerberos on their
> machines, either, despite the fact that it would make their lives a
> lot easier.)
>
> Kerberos v4 has a number of now-well-known security weaknesses as well
> as (if the KDC is old enough) a serious Y2K problem. Kerberos v5 is
> better, but the transition is a pain.

While we're on the subject: is there a way of encrypting NFS transfers?
AFAIK, even secure NFS doesn't actually encrypt all transmissions, but
I'm not sure. I haven't looked at the Sun manuals recently.

Gerald
--
"Would you like to buy an encyclopaedia to help your child get to
college?"
"He doesn't need it. He takes the bus!"