From owner-freebsd-questions  Mon Nov  3 10:05:46 1997
Return-Path: <owner-freebsd-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.7/8.8.7) id KAA19990
          for questions-outgoing; Mon, 3 Nov 1997 10:05:46 -0800 (PST)
          (envelope-from owner-freebsd-questions)
Received: from conductor.synapse.net (conductor.synapse.net [199.84.54.18])
          by hub.freebsd.org (8.8.7/8.8.7) with SMTP id KAA19975
          for <freebsd-questions@FreeBSD.ORG>; Mon, 3 Nov 1997 10:05:40 -0800 (PST)
          (envelope-from evanc@synapse.net)
Received: (qmail 27476 invoked from network); 3 Nov 1997 18:05:36 -0000
Received: from cello.synapse.net (199.84.54.81)
  by conductor.synapse.net with SMTP; 3 Nov 1997 18:05:36 -0000
Date: Mon, 3 Nov 1997 13:05:35 -0500 (EST)
From: Evan Champion <evanc@synapse.net>
To: Doug White <dwhite@resnet.uoregon.edu>
cc: freebsd-questions@FreeBSD.ORG
Subject: rsh, rlogin, kerberos
In-Reply-To: <Pine.BSF.3.96.971103091537.25743A-100000@gdi.uoregon.edu>
Message-ID: <Pine.BSF.3.96.971103125317.380B-100000@cello.synapse.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Mon, 3 Nov 1997, Doug White wrote:

> There is one noted wierdness with FreeBSD's rsh.  If you connect using
> RSH, close the connection, then immediately try to reconnect, the
> connection will lock up.  Wait a couple of minutes and it will work fine.
> I think we're still trying to find that one.

Hum, well this one doesn't work from the beginning so I'm not sure that's
it :-)

Now that you mention it though, I have a similar problem with rlogin.  I'm
using kerberized rlogin.  I can rlogin once to a 3.0-current system, and
it will work just fine, and then start up another xterm and try rlogin'ing
again and it will fail.  If I wait a while, I can usually get back.  My
tickets haven't expired, and asking for a new ticket doesn't usually help
(the fact that it helps sometimes may just be because it takes me time to
type in all the info again, which could be enough for the problem to go
away). 

It isn't something that I can duplicate on demand.  It just happens.  Of
course, it won't do it right now :-) so I can't get the exact error
message, but I believe it is the standard error message you get when you
do a krlogin to a host that doesn't speak kerberos.

This only happens talking to my 3.0-current server.  It always works
talking to a BSD/OS 3.0 server.


If you don't mind me griping a bit more about Kerberos :-) I have a couple
other things that I've run in to.

When I kinit, it makes me type in my userid@realm as well as the password.
Can't it just default me to userid@default-realm?

When I su root, no ticket is generated for user.root@synapse.net.  I tried
modifying the login.conf to put kerberos before passwd, but it doesn't
seem to help.

I also can't login using ftp with a kerberos password.  I know this is
disabled by default, but on BSD/OS I was able to turn it on by adjusting
the login.conf.

Here's what I'm using right now in login.conf:

auth-defaults:\
        :auth=krb_skey_or_passwd,kerberos,passwd,skey:

auth-root-defaults:\
        :auth-login=krb_skey_or_passwd,kerberos,passwd,skey:\
        :auth-rlogin=krb_or_skey,kerberos,skey:\

auth-ftp-defaults:\
        :auth=krb_skey_or_passwd,kerberos,passwd,skey:

Evan