From mtc@ATHENA.MIT.EDU Mon Jun 30 16:49:26 1986 To: kerberos Subject: initial version of kerberos-authenticated rlogin etc Date: Mon, 30 Jun 86 16:47:04 -0500 From: Mark Colan <mtc@ATHENA.MIT.EDU> This memo describes the use of the initial version of the remote services (rlogin, rcp, rsh) that use Kerberos authentication. This software is still in slightly rough shape and is will be undergoing some development for the next week or so, depending on the types of bugs found. At the moment, these programs use a very slightly modified "protocol" from the original utilities. A new protocol may be developed if Athena mgt decides that this is appropriate use of resources. INSTALLING THE SOFTWARE The following files are located in goanna:krb/bin. They can be installed in any directory on the host machine, but a symbolic link /krb must point to their home. rshd,kshd remote shell daemon; same file, different links rlogind,klogind login daemon; same file, different links rlogin,rcp,rsh the user programs to access remote services login called by rlogind Note that rlogin, rcp, and rsh must be owned by root and set uid, as in: su chown root rlogin rcp rsh chmod 4555 rlogin rcp rsh CONFIGURATION FILES Two files require new entries to use these programs. /etc/inetd.conf: Add these two lines at the end of the file: kshell stream tcp nowait root /krb/kshd kshd klogin stream tcp nowait root /krb/klogind klogind After updating /etc/inetd.conf, you must cycle inetd to get it to read the changes: su ps -aux | grep inetd kill -9where came from the ps, above. inetd /etc/services: Add these lines somewhere in the file: # # Kerberos-authenticated services # klogin 543/tcp kshell 544/tcp cmd # no passwords used In addition, the usual Kerberos configuration files, /etc/srvtab and /etc/k_in_tkts must be properly set up; see bcn for more information on the required changes. Also, new entries are required in the Kerberos database to enable a particular user to use services. Please report problems and bugs to mtc. mtc