Mats Erik Andersson <[email protected]> writes: > Let me therefore continue to mention imaginable additions > to our present state: > > * I will rename the option > > --servername=localhost > > as > > --server-name=localhost > > in order to comply with the naming in Shishi. > Momentarily this concerns rshd and rlogind. > Should also telnetd offer this switch?
I think that would be useful. Btw, I noticed that MIT/Heimdal telnet has a '-k realm' parameter to override the realm of the remote host. That could be useful too. > * Could the above be extended to allow > > --server-name=localhost@HOST > > or even > > --server-name=rsh/localhost@LOCALHOST > > with increasing degree of replacing the default > > host/hostname@REALM ? Yeah, maybe that is even better. A value of @REALM could indicate that you only want to override the remote realm. However, the name of the switch is a bit strange then, --server-principal maybe? > * In non-Kerberized setting there is "-l/--no-rhosts" > to depreciate the equivalence file "$HOME/.rhosts". > Should we introduce "--no-k5login" for the Kerberized > setting, or could the old switches be overloaded to > disable access to "$HOME/.k5login" for a server running > a Kerberized service? Should we introduce "--no-basic-auth" > to disable authorization type "basic"? I don't think we should overload switches. I don't think the rest is of high priority, I wouldn't know when people would want to use those switches. > * [Important] We must thoroughly test and evaluate the > intended distinctions between > > telnetd -k -a off > > telnetd -k -a none > > telnetd -k -a user > > telnetd -k -a valid > > making sure that they land accurately at the intended > authorization level. The latter two are to be given > priority on behalf of our users. Yeah, this is a bit of a mess. > In the longer perspective, two coding efforts are welcome: > > * Extend rcp with encryption, as authentication was > implemented by myself earlier this summer. Inspiration could be drawn from extra/rsh-redone/ in Shishi. > * Making ftp and ftpd able to use libshishi would make > GNU Inetutils a strong collection of utilities! Indeed! /Simon
