>What's the best replacement for the old AFS rsh and >Transarc inetd which does token passing? > >I'm using this in a Linux cluster environment so speed is >fairly important - and I'd prefer something as easy to >setup as the old rsh.
I use the MIT Kerberos rsh/rshd all of the time. I'm not sure what you mean by "speed" ... if you're looking at data transfer rates, well, I'm not sure which is faster. If connection time is your issue, in my experience rsh is faster than openssh, just because you have less protocol overhead, less crypto to do (it's using Kerberos crypto instead of doing a DH exchange), and fewer round trips. You should experiment and gather your own numbers, of course. What takes extra time in Kerberized rsh is ticket forwarding and running aklog or the equivalant on the remote end ... but openssh has to do those things as well, in addition to everything else it's doing. If you have Kerberos working on these hosts already, getting Kerberized rsh working is pretty much a no brainer. No doubt some people will consider me "daft", but I have no real security concerns with Kerberized rsh, or the other Kerberized r-protocols (I'm talking about the MODERN ones, not the ones in the MIT 1.1 release era). We have tons of users using these protocols over the global Internet, and I don't lose a bit of sleep over this. In rsh, the remote username and command is cryptographically checksummed to prevent it from being modified, and if you turn it on the crypto isn't bad, IMHO (NOT speaking as a cryptographer, you understand). I view it as more than good enough to protect against the threats we're facing on the Internet today. With any Kerberos 5 solution (rsh or openssh), you're not going to get the speed of the AFS token-passing rsh ... but from just a security standpoint if no other, getting rid of token-passing rsh is a really good idea (as you no doubt know already). --Ken _______________________________________________ OpenAFS-info mailing list [email protected] https://lists.openafs.org/mailman/listinfo/openafs-info
