Date: Mon, 15 Mar 1999 10:35:49 -0500 (EST) From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu> To: Gerald Heinig <heinig@hdz-ima.rwth-aachen.de> Cc: Graeme Brown <graeme.brown@bt-sys.bt.co.uk>, "FreeBSD-Net (FreeBSD.Org) List" <freebsd-net@FreeBSD.ORG> Subject: Re: Running superuser scripts remotely Message-ID: <199903151535.KAA26142@khavrinen.lcs.mit.edu> In-Reply-To: <36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de> References: <n1290633554.27337@maczebedee> <36ECFE38.7DF02DFC@hdz-ima.rwth-aachen.de>
next in thread | previous in thread | raw e-mail | index | archive | help
<<On Mon, 15 Mar 1999 13:34:00 +0100, Gerald Heinig <heinig@hdz-ima.rwth-aachen.de> said: > I used rsh with kerberos authentication on my two machines at home, just > for fun. The transmissions don't get encrypted, which might not be > enough for you, but it would prevent the wrong people doing stuff on > your machine remotely. `rsh -x' is your friend.... I use it all the time (as well as its cousin `rcp -x'). However, Kerberos is a but much to be setting up for an individual workstation -- it really only makes sense in environments like ours where you have O(1000) machines and users. (That said, many of our groups these days can't be bothered to set up Kerberos on their machines, either, despite the fact that it would make their lives a lot easier.) Kerberos v4 has a number of now-well-known security weaknesses as well as (if the KDC is old enough) a serious Y2K problem. Kerberos v5 is better, but the transition is a pain. -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903151535.KAA26142>