From djm@web.us.uu.net Fri Apr 14 13:04:30 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id NAA03359
for <bugs@RT-11.MIT.EDU>; Fri, 14 Apr 2000 13:04:30 -0400 (EDT)
Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP
id AA15252; Fri, 14 Apr 00 13:04:24 EDT
Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP
(peer crosschecked as: dagger.web.us.uu.net [208.211.134.28])
id NAA11679; Fri, 14 Apr 2000 13:04:26 -0400 (EDT)
Received: by dagger.web.us.uu.net
id NAA28896; Fri, 14 Apr 2000 13:04:03 -0400
Message-Id: <NAA28896.200004141704@dagger.web.us.uu.net>
Date: Fri, 14 Apr 2000 13:04:03 -0400
From: djm@web.us.uu.net (David J. MacKenzie)
Reply-To: djm@web.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: djm@web.us.uu.net
Subject: rsh fallback isn't always desirable
X-Send-Pr-Version: 3.99
System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686 unknown
Architecture: i686
of the "r" commands is useless, adds clutter, and wastes time.
It would be desirable to have a way of disabling the fallback,
at least at compile time if not at runtime. Since .rhosts
security is weak and krb4 is being phased out, there
may not be any alternatives to the krb5 "r" commands on
some systems.
Here's a compile-time patch.
The following patch is from walrus@ans.net (Michael Shiplett) of UUNET.
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krcp.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krcp.c Tue Mar 28 16:13:32 2000
@@ -1208,6 +1208,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
register int i;
#ifndef KRB5_ATHENA_COMPAT
if (!encryptflag)
@@ -1221,6 +1222,7 @@
execv(UCB_RCP, argv);
perror("exec");
}
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krlogin.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krlogin.c Tue Mar 28 16:14:16 2000
@@ -1672,6 +1672,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
register char *host;
#ifdef POSIX_SIGNALS
struct sigaction sa;
@@ -1701,6 +1702,7 @@
execv(UCB_RLOGIN, argv);
perror("exec");
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
#endif
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krsh.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krsh.c Tue Mar 28 16:15:05 2000
@@ -566,6 +581,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
char *host;
#ifndef KRB5_ATHENA_COMPAT
@@ -592,6 +608,7 @@
fflush(stderr);
execv(UCB_RSH, argv);
perror("exec");
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
#endif /* KERBEROS */
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id NAA03359
for <bugs@RT-11.MIT.EDU>; Fri, 14 Apr 2000 13:04:30 -0400 (EDT)
Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP
id AA15252; Fri, 14 Apr 00 13:04:24 EDT
Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP
(peer crosschecked as: dagger.web.us.uu.net [208.211.134.28])
id NAA11679; Fri, 14 Apr 2000 13:04:26 -0400 (EDT)
Received: by dagger.web.us.uu.net
id NAA28896; Fri, 14 Apr 2000 13:04:03 -0400
Message-Id: <NAA28896.200004141704@dagger.web.us.uu.net>
Date: Fri, 14 Apr 2000 13:04:03 -0400
From: djm@web.us.uu.net (David J. MacKenzie)
Reply-To: djm@web.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: djm@web.us.uu.net
Subject: rsh fallback isn't always desirable
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 845
>Category: krb5-appl
>Synopsis: rsh fallback isn't always desirable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 14 13:05:00 EDT 2000
>Last-Modified:
>Originator: David MacKenzie
>Organization:
UUNET Technologies>Category: krb5-appl
>Synopsis: rsh fallback isn't always desirable
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 14 13:05:00 EDT 2000
>Last-Modified:
>Originator: David MacKenzie
>Organization:
Show quoted text
>Release: krb5-1.1.1
>Environment:
>Environment:
System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686 unknown
Architecture: i686
Show quoted text
>Description:
In some environments, falling back to non-krb5 versionsof the "r" commands is useless, adds clutter, and wastes time.
It would be desirable to have a way of disabling the fallback,
at least at compile time if not at runtime. Since .rhosts
security is weak and krb4 is being phased out, there
may not be any alternatives to the krb5 "r" commands on
some systems.
Show quoted text
>How-To-Repeat:
run krsh, krlogin, or krcp without a valid TGT.Show quoted text
>Fix:
Here's a compile-time patch.
The following patch is from walrus@ans.net (Michael Shiplett) of UUNET.
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krcp.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krcp.c Tue Mar 28 16:13:32 2000
@@ -1208,6 +1208,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
register int i;
#ifndef KRB5_ATHENA_COMPAT
if (!encryptflag)
@@ -1221,6 +1222,7 @@
execv(UCB_RCP, argv);
perror("exec");
}
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krlogin.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krlogin.c Tue Mar 28 16:14:16 2000
@@ -1672,6 +1672,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
register char *host;
#ifdef POSIX_SIGNALS
struct sigaction sa;
@@ -1701,6 +1702,7 @@
execv(UCB_RLOGIN, argv);
perror("exec");
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
#endif
--- /homes/elves/djm/src/krb5-1.1.1/src/appl/bsd/krsh.c Fri Dec 17 15:43:48 1999
+++ src/appl/bsd/krsh.c Tue Mar 28 16:15:05 2000
@@ -566,6 +581,7 @@
void try_normal(argv)
char **argv;
{
+#ifndef NO_RSH_FALLBACK
char *host;
#ifndef KRB5_ATHENA_COMPAT
@@ -592,6 +608,7 @@
fflush(stderr);
execv(UCB_RSH, argv);
perror("exec");
+#endif /* NO_RSH_FALLBACK */
exit(1);
}
#endif /* KERBEROS */
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: