Subject: Re: kerberos & rshd/rlogind vs. our inetd.conf
To: Hubert Feyrer <firstname.lastname@example.org>
From: Ed Ravin <email@example.com>
Date: 09/23/2005 10:42:00
On Fri, Sep 23, 2005 at 04:40:27AM +0200, Hubert Feyrer wrote:
> it seems that rshd and rlogind don't support neither kerberos nor the '-k'
> option these days, but still we have these lines in inetd.conf:
> # Kerberos authenticated services
> #klogin stream tcp nowait root /usr/libexec/rlogind
> #eklogin stream tcp nowait root /usr/libexec/rlogind
> -k -x
> #kshell stream tcp nowait root /usr/libexec/rshd
> rshd -k
> What to do - remove from inetd.conf? Or are there working alternatives?
Note that these services, even when they work, are only Kerberos-AUTHENTICATED.
The password is encrypted, but the data stream is still sent in the clear.