krb5-doc/1120: rsh command in clear, docs need to warn user

william.fiveash@sun.com william.fiveash at sun.com
Thu Jun 20 13:05:55 EDT 2002


>Number:         1120
>Category:       krb5-doc
>Synopsis:       docs should warn about rsh -x sending command in the clear
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    krb5-unassigned
>State:          open
>Class:          doc-bug
>Submitter-Id:   unknown
>Arrival-Date:   Thu Jun 20 13:07:00 EDT 2002
>Last-Modified:
>Originator:     William Fiveash
>Organization:
Sun Microsystems
>Release:        krb5-1.2.5
>Environment:
	
System: SunOS alton 5.8 Generic_108528-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

>Description:
I was doing some Kerberized rsh testing using MIT 1.2.5 and I noticed
when doing:

    /usr/local/bin/rsh -x myhost.com 'echo hello'

that the 'echo hello' command is sent in the clear to the remote host
even though I specified the -x flag (encrypt network session data).
Is this expected behavior?  If so, it seems to me that the rsh man
page and the string output by rsh, "This rsh session is using DES
encryption for all data transmissions.", should mention the command is
being sent in the clear.

>How-To-Repeat:
	
>Fix:
	
Change the string output by rsh:
"This rsh session is using DES encryption for all data transmissions."
to something that mentions the command is being sent in the clear.  Also
change the man page for rsh where it describes the -x option to mention
the command is sent in the clear.
>Audit-Trail:
>Unformatted:


