tech-net: Re: kerberos & rshd/rlogind vs. our inetd.conf

Subject: Re: kerberos & rshd/rlogind vs. our inetd.conf
To: Hubert Feyrer <hubert@feyrer.de>
From: Ed Ravin <eravin@panix.com>
List: tech-net
Date: 09/23/2005 10:42:00

On Fri, Sep 23, 2005 at 04:40:27AM +0200, Hubert Feyrer wrote:
> 
> it seems that rshd and rlogind don't support neither kerberos nor the '-k' 
> option these days, but still we have these lines in inetd.conf:
> 
> #       Kerberos authenticated services
> #
> #klogin         stream  tcp     nowait  root    /usr/libexec/rlogind    
> rlogind
> -k
> #eklogin        stream  tcp     nowait  root    /usr/libexec/rlogind    
> rlogind
> -k -x
> #kshell         stream  tcp     nowait  root    /usr/libexec/rshd       
> rshd -k
> 
> What to do - remove from inetd.conf? Or are there working alternatives?

Note that these services, even when they work, are only Kerberos-AUTHENTICATED.
The password is encrypted, but the data stream is still sent in the clear.