On Dec 1, 10:45am, [EMAIL PROTECTED] wrote:
>
> Just to clarify the example above:
> Even if one part (the Transarc version of rlogind) is willing to receive
> a token you can't send it by /usr/ucb/rlogin because it does not know
> anything about token passing.
> As far as I know Transarc does not see any need to provide token passing
> for rlogin. Transarc recommends to use rsh instead of rlogin :-(
>
I was under the impression that the Transarc commands that did pass a token
passed them in the clear, so they are insecure anyways. I wrote a simple
client/server which will securely forward your ticket granting ticket
(you have to be using kaserver for it to work). You then run aklog after
you login. I've tied it altogether in a perl script called "klogin" which
forwards my tgt first then does an encrypted rlogin next, and my hacked up
login.krb program calls aklog automatically. Its not an ideal solution, but
it works.
Roland
--
Roland J. Schemers III | 414 Sweet Hall +1 (415) 723-6740
Authentication Services Programmer | Stanford, CA 94305-3090
Distributed Computing Operations | [EMAIL PROTECTED]
Stanford University | http://www-leland.stanford.edu/~schemers/
