From owner-freebsd-bugs  Wed Oct 23 09:30:06 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA25180
          for bugs-outgoing; Wed, 23 Oct 1996 09:30:06 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id JAA25163;
          Wed, 23 Oct 1996 09:30:02 -0700 (PDT)
Date: Wed, 23 Oct 1996 09:30:02 -0700 (PDT)
Message-Id: <199610231630.JAA25163@freefall.freebsd.org>
To: freebsd-bugs
Cc: 
From: Garrett Wollman <wollman@lcs.mit.edu>
Subject: Re: conf/972
Reply-To: Garrett Wollman <wollman@lcs.mit.edu>
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

The following reply was made to PR conf/972; it has been noted by GNATS.

From: Garrett Wollman <wollman@lcs.mit.edu>
To: "Marc G. Fournier" <scrappy@freefall.freebsd.org>
Cc: freebsd-gnats-submit@freefall.freebsd.org
Subject: Re: conf/972
Date: Wed, 23 Oct 1996 12:20:00 -0400

 <<On Tue, 22 Oct 1996 14:37:58 -0700 (PDT), "Marc G. Fournier" <scrappy@freefall.freebsd.org> said:
 
 > Basically, since Kerberos isn't distributed on the CD, Originator
 > suggests commenting out the appropriate entries in /etc/inetd.conf
 
 > Are there any reasons, security or otherwise, where leaving them 
 > enabled is a bad thing?
 
 Yes.  If they are enabled, than a Kerberized host attempting to talk
 to a non-Kerberized host will see `krlogin' succeed and then
 immediately drop, rather than failing (the correct behavior).  Thus,
 the automatic fallback does not work in this case.
 
 -GAWollman
 
 --
 Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
 wollman@lcs.mit.edu  | O Siem / The fires of freedom 
 Opinions not those of| Dance in the burning flame
 MIT, LCS, ANA, or NSA|                     - Susan Aglukark and Chad Irschick