Date: Sun, 4 Aug 1996 02:16:46 +0800 (WST) From: packrat@iinet.net.au To: FreeBSD-gnats-submit@freebsd.org Subject: bin/1461: Incorrect address binding of Kerberized rlogin Message-ID: <199608031816.CAA00739@fenrus.rattus.uwa.edu.au> Resent-Message-ID: <199608031830.LAA28357@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 1461 >Category: bin >Synopsis: Incorrect address binding of Kerberized rlogin >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Class: change-request >Submitter-Id: current-users >Arrival-Date: Sat Aug 3 11:30:01 PDT 1996 >Last-Modified: >Originator: Bruce Murphy >Organization: >Release: FreeBSD 2.2-960801-SNAP i386 >Environment: Machine used as a firewall between a private network 192.168.1.x and a full internet network >Description: The bound address of the socket obtained by the kerberized rlogin program is that of either the primary interface or the interface containing the default route, not the interface which actually emits the packets. >How-To-Repeat: One internal network, directly connected to ed1 192.168.1.x External network connected to a 255.255.255.0 netmasked subnetwork of a B-class network on ed0. Route directly to internal network, route directly to external subnet and default route to the rest of the world via a router on the external subnet. rlogin to a host on the internal network has local address bound to the address of the external subnet's interface (as seen with a tcpdump trace from another machine on the internal net). Normal IP-based rlogin authentication fails horribly at this point. >Fix: Recompile the rlogin (and presumably other r* commands) with both KERBEROS and CRYPT support defines commented out in the Makefile. >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608031816.CAA00739>