Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 Mar 1999 19:06:20 +0100
From:      Gerald Heinig <heinig@hdz-ima.rwth-aachen.de>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        "FreeBSD-Net (FreeBSD.Org) List" <freebsd-net@FreeBSD.ORG>
Subject:   Re: Running superuser scripts remotely
Message-ID:  <36ED4C1C.C4F71A49@hdz-ima.rwth-aachen.de>
References:  <n1290633554.27337@maczebedee> <36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de> <199903151535.KAA26142@khavrinen.lcs.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help 
Garrett Wollman wrote:
> 
> <<On Mon, 15 Mar 1999 13:34:00 +0100, Gerald Heinig <heinig@hdz-ima.rwth-aachen.de> said:
> 
> > I used rsh with kerberos authentication on my two machines at home, just
> > for fun. The transmissions don't get encrypted, which might not be
> > enough for you, but it would prevent the wrong people doing stuff on
> > your machine remotely.
> 
> `rsh -x' is your friend.... I use it all the time (as well as its
> cousin `rcp -x').

You're right :-) It's quite a while since I did this and all I can
remember is that one of the commands refused to encrypt the
transmission. I can't even remember if I managed to sort that one out,
after all, it's not *really* necessary on a private domestic network...
:-) :-)
> 
> However, Kerberos is a but much to be setting up for an individual
> workstation -- it really only makes sense in environments like ours
> where you have O(1000) machines and users.  (That said, many of our
> groups these days can't be bothered to set up Kerberos on their
> machines, either, despite the fact that it would make their lives a
> lot easier.)
> 
> Kerberos v4 has a number of now-well-known security weaknesses as well
> as (if the KDC is old enough) a serious Y2K problem.  Kerberos v5 is
> better, but the transition is a pain.

While we're on the subject: is there a way of encrypting NFS transfers?
AFAIK, even secure NFS doesn't actually encrypt all transmissions, but
I'm not sure. I haven't looked at the Sun manuals recently.

Gerald

-- 
"Would you like to buy an encyclopaedia to help your child get to
college?"
"He doesn't need it. He takes the bus!"


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?36ED4C1C.C4F71A49>