Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.411 (Entity 5.404) X-RT-Original-Encoding: iso-8859-1 Content-Length: 3322 From djm@web.us.uu.net Fri Apr 14 13:04:30 2000 Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id NAA03359 for ; Fri, 14 Apr 2000 13:04:30 -0400 (EDT) Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP id AA15252; Fri, 14 Apr 00 13:04:24 EDT Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP (peer crosschecked as: dagger.web.us.uu.net [208.211.134.28]) id NAA11679; Fri, 14 Apr 2000 13:04:26 -0400 (EDT) Received: by dagger.web.us.uu.net id NAA28896; Fri, 14 Apr 2000 13:04:03 -0400 Message-Id: Date: Fri, 14 Apr 2000 13:04:03 -0400 From: djm@web.us.uu.net (David J. MacKenzie) Reply-To: djm@web.us.uu.net To: krb5-bugs@MIT.EDU Cc: djm@web.us.uu.net Subject: rsh fallback isn't always desirable X-Send-Pr-Version: 3.99 >Number: 845 >Category: krb5-appl >Synopsis: rsh fallback isn't always desirable >Confidential: no >Severity: non-critical >Priority: low >Responsible: krb5-unassigned >State: open >Class: change-request >Submitter-Id: unknown >Arrival-Date: Fri Apr 14 13:05:00 EDT 2000 >Last-Modified: >Originator: David MacKenzie >Organization: UUNET Technologies >Release: krb5-1.1.1 >Environment: System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686 unknown Architecture: i686 >Description: In some environments, falling back to non-krb5 versions of the "r" commands is useless, adds clutter, and wastes time. It would be desirable to have a way of disabling the fallback, at least at compile time if not at runtime. Since .rhosts security is weak and krb4 is being phased out, there may not be any alternatives to the krb5 "r" commands on some systems. >How-To-Repeat: run krsh, krlogin, or krcp without a valid TGT. >Fix: Here's a compile-time patch. The following patch is from walrus@ans.net (Michael Shiplett) of UUNET. --- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krcp.c Fri Dec 17 15:43:48 1999 +++ src/appl/bsd/krcp.c Tue Mar 28 16:13:32 2000 @@ -1208,6 +1208,7 @@ void try_normal(argv) char **argv; { +#ifndef NO_RSH_FALLBACK register int i; #ifndef KRB5_ATHENA_COMPAT if (!encryptflag) @@ -1221,6 +1222,7 @@ execv(UCB_RCP, argv); perror("exec"); } +#endif /* NO_RSH_FALLBACK */ exit(1); } --- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krlogin.c Fri Dec 17 15:43:48 1999 +++ src/appl/bsd/krlogin.c Tue Mar 28 16:14:16 2000 @@ -1672,6 +1672,7 @@ void try_normal(argv) char **argv; { +#ifndef NO_RSH_FALLBACK register char *host; #ifdef POSIX_SIGNALS struct sigaction sa; @@ -1701,6 +1702,7 @@ execv(UCB_RLOGIN, argv); perror("exec"); +#endif /* NO_RSH_FALLBACK */ exit(1); } #endif --- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krsh.c Fri Dec 17 15:43:48 1999 +++ src/appl/bsd/krsh.c Tue Mar 28 16:15:05 2000 @@ -566,6 +581,7 @@ void try_normal(argv) char **argv; { +#ifndef NO_RSH_FALLBACK char *host; #ifndef KRB5_ATHENA_COMPAT @@ -592,6 +608,7 @@ fflush(stderr); execv(UCB_RSH, argv); perror("exec"); +#endif /* NO_RSH_FALLBACK */ exit(1); } #endif /* KERBEROS */ >Audit-Trail: >Unformatted: