We have a kerberos version of rlogin which uses the AFS Kaserver's
semantics of allowing ticket granting tickets to be usable from a
machine of than the one it was issued to. The MIT kerberos server
implementation does not allow the ticket granting ticket to be used from
any machine, but the one it was issued to.
Out rlogin establishes a secure connection and passes the encrypted
Ticket Granting Ticket down the line then the other end requests the
apropriate AFS ticket. You need the kerberos ticket file for this to
work (look for this in by default in 3.2). Our r commands are not
currently available anywhere, but I am sure we can be talked into it.
They do depend on changes in 3.2.
All the Transarc remote shell like commands are insecure. There is no
mutual authentication. They are convenient commands to have around, but
don't provide you any more security and possibly less than the Berkeley
r commands.
-Wallace
