[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: inetd.conf.changes

To: Peter Ehlin <pelin@voxi.se>
Subject: Re: inetd.conf.changes
From: joda@pdc.kth.se (Johan Danielsson)
Date: 12 Sep 2000 15:54:56 +0200
Cc: heimdal-discuss@sics.se
In-Reply-To: Peter Ehlin's message of "Tue, 12 Sep 2000 15:27:46 +0200"
References: <39BDE9D5.C36C7CA@voxi.se> <xofvgw125b7.fsf@blubb.pdc.kth.se> <39BE2F52.9FFCEC4C@voxi.se>
Sender: owner-heimdal-discuss@sics.se
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.5

Peter Ehlin <pelin@voxi.se> writes:

> So, what should be in my /etc/inetd.conf if I want to have something
> like the old ekshell (encryption and authetication) and disallow the
> unencrypted rsh variants?

You can't really do this as it is now. The following (untested) patch
should disable non-encrypted V5 rsh sessions, if rshd is passed the -x
option, so if you have -k -x on both ports, you will get the desired
result, but probably because the v4 rsh:s will be royally confused by
the encrypted response.

We should fix this in a better way.

/Johan

--- rshd.c      2000/07/02 15:50:21     1.33
+++ rshd.c      2000/09/12 13:50:26
@ -363,6 +363,8 @
        do_encrypt = 1;
        memmove (cmd, cmd + 3, strlen(cmd) - 2);
     } else {
+       if(do_encrypt)
+           fatal (s, "Encryption required");
        do_encrypt = 0;
     }

References:
- inetd.conf.changes
  - From: Peter Ehlin <pelin@voxi.se>
- Re: inetd.conf.changes
  - From: joda@pdc.kth.se (Johan Danielsson)
- Re: inetd.conf.changes
  - From: Peter Ehlin <pelin@voxi.se>

Prev by Date: Re: inetd.conf.changes
Next by Date: Re: MIT to Heimdal porting, libraries to link with?
Prev by thread: Re: inetd.conf.changes
Next by thread: Two questions about AFS + Heimdal
Index(es):
- Date
- Thread