I don't remember for certain, but I know many of those types of tools passed the token over the net in the clear - they didn't actually use kerberos ticket forwarding. They just did a GetToken, and wrote the token over the socket to the remote connection, which did a SetToken.
And yeah, they are probably riddled with buffer overflows as well.

-- Nathan

------------------------------------------------------------
Nathan Neulinger EMail: [EMAIL PROTECTED]
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216

> -----Original Message-----
> From: Charles Clancy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, January 15, 2002 3:12 PM
> To: [EMAIL PROTECTED]
> Subject: Re: [OpenAFS-devel] How can I use rsh to connect with AFS
>
>
> > > OpenAFS doesn't build the r* or inetd by default...
> >
> > --enable-insecure is needed at configure time to enable them, and that
> > option name is deliberate. Consider implications carefully before using
> > them
>
> Is your hesitance to use these utilities simply because they are as
> insecure as the standard r* utils, or are they particularly more insecure
> in some way? I thought someone had mentioned a while back that they
> hadn't been maintained, and were probably riddled with buffer overflows
> (like the ftpd-glob thing last year).
>
> --
> t. charles clancy <> [EMAIL PROTECTED] <> www.uiuc.edu/~tclancy
>
> _______________________________________________
> OpenAFS-devel mailing list
> [EMAIL PROTECTED]
> https://lists.openafs.org/mailman/listinfo/openafs-devel
