Kerberized rsh/rlogin on FreeBSD and NetBSD?
Donn Cave
donn at u.washington.edu
Thu Mar 7 12:00:20 EST 2002
Quoth "Chris Schadl" <cschadl at nospamsatan.org.uk>:
| Hi,
|
| When I try to rlogin or rsh to my NetBSD or FreeBSD machines with
| kerberos support, I get the error "Couldn't authenticate to server: Bad
| sendauth version was sent". Looking in the syslogs of these hosts, I see
| the following:
|
| Mar 6 22:12:07 ryoko rlogind[37294]: usage: rlogind [-Dalnx]
| Mar 6 22:12:07 ryoko rlogind[37294]: usage: rlogind [-Dalnx]
| Mar 6 22:12:07 ryoko rlogind[37294]: Connection from 192.168.0.2 on illegal port
|
| (that's on the FreeBSD host; I get something simmilar on the NetBSD
| server)
|
| rlogind and rshd are set in inetd.conf to use the -k flag to enable
| Kerberos authentication, however the errors in my syslog would seem to
| indicate that the -k flag is not supported. Does anyone what I have to
| do to get kerberos rsh/rlogin working on these platforms?
On NetBSD 1.5, it doesn't look to me like /usr/libexec/rlogind supports
Kerberos. Only /usr/libexec/telnetd. Same story in the clients - only
telnet supports Kerberos. (Host/service principal lookup in this telnet
has the same bug as in MIT's ftp, multiple lookups lose in a dynamic DNS
environment.) Well, ssh looks like it might support Kerberos 4, but
I wouldn't expect that to do you much good.
Donn Cave, donn at u.washington.edu
More information about the Kerberos
mailing list