From owner-freebsd-net  Mon Mar 15  7:39:56 1999
Delivered-To: freebsd-net@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 30D2014F85
	for <freebsd-net@FreeBSD.ORG>; Mon, 15 Mar 1999 07:38:37 -0800 (PST)
	(envelope-from wollman@khavrinen.lcs.mit.edu)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.1/8.9.1) id KAA26142;
	Mon, 15 Mar 1999 10:35:49 -0500 (EST)
	(envelope-from wollman)
Date: Mon, 15 Mar 1999 10:35:49 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <199903151535.KAA26142@khavrinen.lcs.mit.edu>
To: Gerald Heinig <heinig@hdz-ima.rwth-aachen.de>
Cc: Graeme Brown <graeme.brown@bt-sys.bt.co.uk>,
	"FreeBSD-Net (FreeBSD.Org) List" <freebsd-net@FreeBSD.ORG>
Subject: Re: Running superuser scripts remotely
In-Reply-To: <36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de>
References: <n1290633554.27337@maczebedee>
	<36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de>
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Mon, 15 Mar 1999 13:34:00 +0100, Gerald Heinig <heinig@hdz-ima.rwth-aachen.de> said:

> I used rsh with kerberos authentication on my two machines at home, just
> for fun. The transmissions don't get encrypted, which might not be
> enough for you, but it would prevent the wrong people doing stuff on
> your machine remotely.

`rsh -x' is your friend.... I use it all the time (as well as its
cousin `rcp -x').

However, Kerberos is a but much to be setting up for an individual
workstation -- it really only makes sense in environments like ours
where you have O(1000) machines and users.  (That said, many of our
groups these days can't be bothered to set up Kerberos on their
machines, either, despite the fact that it would make their lives a
lot easier.)

Kerberos v4 has a number of now-well-known security weaknesses as well
as (if the KDC is old enough) a serious Y2K problem.  Kerberos v5 is
better, but the transition is a pain.

-GAWollman

--
Garrett A. Wollman   | O Siem / We are all family / O Siem / We're all the same
wollman@lcs.mit.edu  | O Siem / The fires of freedom 
Opinions not those of| Dance in the burning flame
MIT, LCS, CRS, or NSA|                     - Susan Aglukark and Chad Irschick


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message