From owner-freebsd-bugs Sat Aug 3 11:30:03 1996
Return-Path: owner-bugs
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA28365 for bugs-outgoing; Sat, 3 Aug 1996 11:30:03 -0700 (PDT)
Received: (from gnats@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA28357; Sat, 3 Aug 1996 11:30:02 -0700 (PDT)
Resent-Date: Sat, 3 Aug 1996 11:30:02 -0700 (PDT)
Resent-Message-Id: <199608031830.LAA28357@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, packrat@iinet.net.au
Received: from uniwa.uwa.edu.au (root@uniwa.uwa.edu.au [130.95.128.1]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA28178 for ; Sat, 3 Aug 1996 11:28:03 -0700 (PDT)
Received: from fenrus.rattus.uwa.edu.au ([130.95.62.101]) by uniwa.uwa.edu.au (8.6.11/8.6.9) with ESMTP id CAA23547 for ; Sun, 4 Aug 1996 02:27:53 +0800
Received: (from packrat@localhost) by fenrus.rattus.uwa.edu.au (8.7.5/8.7.3) id CAA00739; Sun, 4 Aug 1996 02:16:46 +0800 (WST)
Message-Id: <199608031816.CAA00739@fenrus.rattus.uwa.edu.au>
Date: Sun, 4 Aug 1996 02:16:46 +0800 (WST)
From: packrat@iinet.net.au
Reply-To: packrat@iinet.net.au
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/1461: Incorrect address binding of Kerberized rlogin
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 1461
>Category: bin
>Synopsis: Incorrect address binding of Kerberized rlogin
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Sat Aug 3 11:30:01 PDT 1996
>Last-Modified:
>Originator: Bruce Murphy
>Organization:
>Release: FreeBSD 2.2-960801-SNAP i386
>Environment:

Machine used as a firewall between a private network 192.168.1.x
and a full internet network

>Description:

The bound address of the socket obtained by the kerberized rlogin
program is that of either the primary interface or the interface
containing the default route, not the interface which actually emits
the packets.

>How-To-Repeat:

One internal network, directly connected to ed1 192.168.1.x

External network connected to a 255.255.255.0 netmasked subnetwork
of a B-class network on ed0.

Route directly to internal network, route directly to external subnet
and default route to the rest of the world via a router on the
external subnet.

rlogin to a host on the internal network has local address bound
to the address of the external subnet's interface (as seen with a
tcpdump trace from another machine on the internal net).

Normal IP-based rlogin authentication fails horribly at this point.

>Fix:

Recompile the rlogin (and presumably other r* commands) with both
KERBEROS and CRYPT support defines commented out in the Makefile.

>Audit-Trail:
>Unformatted:
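
The mismatch described in this report can be checked on the client host by comparing the local address a socket is bound to with the source address the routing table selects for the destination. The C program below is an added example, not code from this PR or from FreeBSD's rlogin; the function names and the loopback defaults are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the kernel which source address it would use to reach dst.
   connect() on a UDP socket sends no packets; it only resolves the route.
   Returns 0 and fills *src on success, -1 on error. */
int route_source(const char *dst, struct in_addr *src)
{
    struct sockaddr_in peer, local;
    socklen_t len = sizeof(local);
    int rc = -1, s = socket(AF_INET, SOCK_DGRAM, 0);
    if (s < 0)
        return -1;
    memset(&peer, 0, sizeof(peer));
    peer.sin_family = AF_INET;
    peer.sin_port = htons(513);   /* rlogin's port number, used only as a placeholder */
    if (inet_pton(AF_INET, dst, &peer.sin_addr) == 1 &&
        connect(s, (struct sockaddr *)&peer, sizeof(peer)) == 0 &&
        getsockname(s, (struct sockaddr *)&local, &len) == 0) {
        *src = local.sin_addr;
        rc = 0;
    }
    close(s);
    return rc;
}

/* 1: bound address equals the routed source address;
   0: mismatch (the symptom in the report); -1: bad input or no route. */
int bound_matches_route(const char *bound, const char *dst)
{
    struct in_addr b, r;
    if (inet_pton(AF_INET, bound, &b) != 1 || route_source(dst, &r) != 0)
        return -1;
    return b.s_addr == r.s_addr;
}

int main(int argc, char **argv)
{
    /* usage: prog <bound-local-addr> <destination>; defaults are constructed loopback values */
    const char *bound = argc > 2 ? argv[1] : "127.0.0.1";
    const char *dst = argc > 2 ? argv[2] : "127.0.0.1";
    int m = bound_matches_route(bound, dst);
    printf("%s -> %s: %s\n", bound, dst, m == 1 ? "match" : m == 0 ? "MISMATCH" : "error");
    return m == 1 ? 0 : 1;
}
```

Run it with the local address seen in the tcpdump trace and the internal host's address; a MISMATCH result means the server sees a source address that address-based rlogin authentication will not associate with the internal interface.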