torsdag den 9 augusti 2012 klockan 15:00 skrev Simon Josefsson detta:
> Mats Erik Andersson <[email protected]> writes:
>
> > in order to comply with the naming in Shishi.
> > Momentarily this concerns rshd and rlogind.
> > Should also telnetd offer this switch?
>
> I think that would be useful.
Will do.
> Btw, I noticed that MIT/Heimdal telnet has a '-k realm' parameter to
> override the realm of the remote host. That could be useful too.
This was implemented for libshishi and telnet client in commit bfc79fcb,
on July, 13th!
> > * Could the above be extended to allow
> >
> > --server-name=localhost@HOST
> >
> > or even
> >
> > --server-name=rsh/localhost@LOCALHOST
> >
> > with increasing degree of replacing the default
> >
> > host/hostname@REALM ?
>
> Yeah, maybe that is even better. A value of @REALM could indicate that
> you only want to override the remote realm. However, the name of the
> switch is a bit strange then, --server-principal maybe?
The library offers shishi_parse_name() to decompose a qualified
principal's name. However it only decomposes into realm and principal,
but not separating off the instance name. Have I overlooked a further
library call?
I imagine some useful setups where one would want services
telnet/[email protected]
rsh/[email protected]
instead of the simplistic
host/[email protected]
for both services. This "[email protected]" would need one ticket for
each server: "telnet/bang.ex.org" and "rsh/bang.ex.org".
At the moment I do not recall whether MIT, or Heimdal, make
provisions for telnetd and ftpd to declare themselfs as
something more specific than "host/bang.ex.org". Certainly
Inetutils is not able to do that yet.
In fact, a correctly written "~/.k5login" would specify
## /home/admin/.k5login
sigge/[email protected]
gusten/[email protected]
[email protected]
allowing optional role selection. We are not yet at this stage
within Inetutils. Could one imagine calls like
$ telnet -kEX.ORG -l sigge/admin kdc.ex.org
$ rsh -l gusten/build bbuild.ex.org start_rebuild now
which would need a simple stripping off of the instance string
from the specified user name.
Regards,
Mats
