From owner-freebsd-current  Thu Aug 10 21:21:50 2000
Delivered-To: freebsd-current@freebsd.org
Received: from ns.altadena.net (ns.altadena.net [206.126.144.2])
	by hub.freebsd.org (Postfix) with ESMTP
	id D9D8C37BBFD; Thu, 10 Aug 2000 21:21:42 -0700 (PDT)
	(envelope-from pete@ns.altadena.net)
Received: (from pete@localhost)
	by ns.altadena.net (8.9.3/8.8.8) id VAA68802;
	Thu, 10 Aug 2000 21:21:31 -0700 (PDT)
	(envelope-from pete)
From: Pete Carah <pete@ns.altadena.net>
Message-Id: <200008110421.VAA68802@ns.altadena.net>
Subject: Another crypto problem; no kerb4 rshd/rlogind
To: current@freebsd.org, stable@freebsd.org
Date: Thu, 10 Aug 2000 21:21:30 -0700 (PDT)
X-Mailer: ELM [version 2.4ME+ PL68 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=iso8859-1
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Somehow in the internat merge the kerb4 versions of rshd and rlogind
disappeared (rshd -k; rlogind -ek and -k).  They are often used for 
scripting in ways that kerberized telnet can't handle (yes, I can 
use expect but what a kluge :-), or I could adapt ssh for this and 
probably will, but that is problematic sometimes; it is harder to 
keep audit trails than with k4).

k5 didn't implement this either at least within the fbsd "make world"
context...

If fbsd handles suid (not necessarily root) scripts correctly then it 
isn't too hard to do the wrappers needed.  I've not seen whether that
is ok or not in any of the normal docs.

-- Pete


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message