Subject: Re: kerberos V
To: Patrick Welche <email@example.com>
From: Tom Ivar Helbekkmo <tih@kpnQwest.no>
Date: 05/30/2001 20:32:31
Patrick Welche <firstname.lastname@example.org> writes:
> There's one bit of rsh I'm left with needing: if I RCMD_CMD=ssh and
> try to rdist, rdist will hang...
Are you sure the problem is what you think it is? If you're properly
authenticated for the (kerberized) ssh connection, rdist will work
(and this includes running it from cron, as long as you've got a
ticket file prepared for it -- I know, I've done it). If, however,
your authentication is not in order, you'll get a large number of
processes started in a very short time: rdist calls rcmd, which spawns
ssh, which tries to do its thing, but fails, so falls back on rsh,
which calls rcmd, which spawns ssh... Oops. :-)
If rsh were removed, and ssh took its place, this loop wouldn't happen.
The basic difference is this: hackers build things, crackers break them.