Subject: Re: kerberos & rshd/rlogind vs. our inetd.conf
To: Hubert Feyrer <hubert@feyrer.de>
From: Ed Ravin <eravin@panix.com>
List: tech-net
Date: 09/23/2005 10:42:00
On Fri, Sep 23, 2005 at 04:40:27AM +0200, Hubert Feyrer wrote:
>
> it seems that rshd and rlogind don't support neither kerberos nor the '-k'
> option these days, but still we have these lines in inetd.conf:
>
> # Kerberos authenticated services
> #
> #klogin stream tcp nowait root /usr/libexec/rlogind
> rlogind
> -k
> #eklogin stream tcp nowait root /usr/libexec/rlogind
> rlogind
> -k -x
> #kshell stream tcp nowait root /usr/libexec/rshd
> rshd -k
>
> What to do - remove from inetd.conf? Or are there working alternatives?
Note that these services, even when they work, are only Kerberos-AUTHENTICATED.
The password is encrypted, but the data stream is still sent in the clear.