Subject: Re: kerberos & rshd/rlogind vs. our inetd.conf
To: None <tech-security@NetBSD.org, tech-net@NetBSD.org>
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
List: tech-security
Date: 09/25/2005 23:30:34
>However, it's seriously questionable whether we want to turn them on,
>at least all of them.  They encrypt but don't authenticate the connection
>data (the wire protocols were designed before the importance of this was
>entirely understood, and kerberos "pcbc" mode doesn't do what is wanted
>here), and, worse, in the case of rsh, the command to be executed, itself,
>is not authenticated, providing an obvious vector for attack.

If we're talking about the V4 versions of these protocols, that is
true (of course, if you're still using Kerberos V4, you have plenty of
other problems :-) ).

There are two protocol versions for the r* commands for Kerberos 5.  The
second version of the r* command protocols do still send the command for
rsh in the clear, but the command is checksummed in the AP-REQ, so it
is protected against modification.  According to the Heimdal ChangeLog,
this was added to Heimdal on 2002-09-30.  I admit that it would be
better if the connection data was encrypted, but at least it's not
vulnerable to being replaced.

--Ken
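An added illustration of the integrity property Ken describes (the rsh command travels in the clear but is bound by a keyed checksum in the AP-REQ authenticator). This is example code, not Heimdal's or NetBSD's; the session key, the field layout of the checksum input, and the use of HMAC-SHA256 in place of the Kerberos keyed checksum are all assumptions made for the demonstration.

```python
import hmac
import hashlib

# Stand-in for the Kerberos session key that both sides hold after the
# AP-REQ is processed (constructed for this example, not a real key).
SESSION_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def binding(port: int, command: str, user: str) -> bytes:
    # Hypothetical layout of the authenticator checksum input.  The real
    # r* v2 protocol binds comparable fields; the exact encoding here is
    # an assumption, not taken from the message above.
    return f"{port}:{command}\0{user}\0".encode()


def make_ap_req_checksum(session_key: bytes, port: int,
                         command: str, user: str) -> bytes:
    # HMAC-SHA256 stands in for the keyed checksum carried in the AP-REQ
    # authenticator.  Only a holder of the session key can produce it.
    return hmac.new(session_key, binding(port, command, user),
                    hashlib.sha256).digest()


def server_accepts(session_key: bytes, port: int, command: str,
                   user: str, checksum: bytes) -> bool:
    # The command itself arrives unencrypted.  The server recomputes the
    # keyed checksum over what it actually received and compares it in
    # constant time against the value from the authenticator.
    expected = make_ap_req_checksum(session_key, port, command, user)
    return hmac.compare_digest(expected, checksum)


def demo() -> tuple:
    port, user, command = 1023, "ken", "ls -l /tmp"
    cksum = make_ap_req_checksum(SESSION_KEY, port, command, user)

    # Unmodified request: checksum matches, command is accepted.
    genuine = server_accepts(SESSION_KEY, port, command, user, cksum)

    # If the cleartext command were altered in transit, it no longer
    # matches the checksum bound into the authenticator, so the server
    # rejects it.  Note this gives integrity, not confidentiality: the
    # command and connection data are still readable on the wire.
    altered = server_accepts(SESSION_KEY, port, "cat /etc/motd", user, cksum)
    return genuine, altered


if __name__ == "__main__":
    print(demo())  # (True, False)
```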