.k5login and only allow rcp

Sam Hartman hartmans at MIT.EDU
Sun Jun 16 18:26:19 EDT 2002

>>>>> "eichin-krb" == eichin-krb  <eichin-krb at thok.org> writes:

    >> Yes.  Write a shell that only allows the user to run rcp.
    eichin-krb> Or use kerberized ssh, and the command= option in the
    eichin-krb> authorized keys file (see the sshd manpage.)  There
    eichin-krb> are other things you need to do along with it (read
    eichin-krb> the man page in detail), and it may not be enough [you
    eichin-krb> may have to have a constant argument string, though
    eichin-krb> that may not be a bad thing - the example in the man
    eichin-krb> page uses "dump" with fixed arguments] but it is a
    eichin-krb> possible shortcut.

Mark, I don't think you can easily get rcp to call anything other than
Kerberized rsh.

Although if you have ssh you have scp.

More information about the Kerberos mailing list