Subject: Re: kerberos V
To: None <current-users@netbsd.org>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: current-users
Date: 05/29/2001 14:37:02
On Tue, May 29, 2001 at 07:55:48AM +0200, Lars-Johan Liman wrote:
> aidan@kublai.com:
> > I (personally) don't plan to go mucking about adding krb5 support
> > to rsh/rshd, or rlogin/rlogind... I consider rlogin obsolete, and
> > rsh just looked like a real pain, to me.
>
> Just out of curiosity (this is not criticism!), why don't you just
> take the Heimdal stuff and replace the current ones with that?
> Copyright issues? Code quality?
>
> Or NIH? ;-)
Not Bloody Likely. It's all derived from the BSD code; what's in
our tree has the decided benefit of not having been tarted up with
autoconf, if you ask me.
I've advocated for a long time removing rsh/rshd/rlogin/rlogind from
the system; the manual pages say they'll disappear in a future version
and have said so since they were originally added. They are quick
hacks that have not really aged gracefully, and wrapping them in
Kerberos doesn't really help. Am I the only one who recalls that krb5
rsh sends the command string totally unencrypted and unauthenticated?
Adding that support back to these programs is not a major undertaking.
The question, to my mind, is whether it is worth enhancing or even
maintaining them at all.
Thor