It appears that the afs rlogind only obtains tickets when the user is
actually prompted for a password (e.g., when the user has no .rhosts file or
it is protected with mode 664). But that seems to defeat some of the primary
benefits of rlogin, e.g., users don't need to enter a password (ease of use)
and no cleartext passwords on the network. Should it be possible to design a
rlogin/rlogind that automatically fetches a token on the remote host without
requiring the user to enter a password? Would it be possible to do that
without compromising security? I suppose second-best would be to prompt for
a password, but not send a cleartext password over the network (ala MIT
rkinitd).
The afs versions of rsh and rcp don't prompt for a password, but appear to
have authenticated access. How are they different than rlogin?
--
Jamey Maze | Computing & Telecommunications Division
Oak Ridge National Lab | Advanced Technology Group
P.O. Box 2008, MS-6238 | Internet: [EMAIL PROTECTED]
Oak Ridge, TN 37831-6238 | 615/574-6355, FAX 615/574-9646
