From mtc@ATHENA.MIT.EDU Mon Jun 30 16:49:26 1986
Subject: initial version of kerberos-authenticated rlogin etc
Date: Mon, 30 Jun 86 16:47:04 -0500
From: Mark Colan <mtc@ATHENA.MIT.EDU>
This memo describes the use of the initial version of the remote
services (rlogin, rcp, rsh) that use Kerberos authentication.
This software is still in slightly rough shape and is will be
undergoing some development for the next week or so, depending
on the types of bugs found.
At the moment, these programs use a very slightly modified "protocol"
from the original utilities. A new protocol may be developed if
Athena mgt decides that this is appropriate use of resources.
INSTALLING THE SOFTWARE
The following files are located in goanna:krb/bin. They can be
installed in any directory on the host machine, but a symbolic
link /krb must point to their home.
rshd,kshd remote shell daemon; same file, different links
rlogind,klogind login daemon; same file, different links
rlogin,rcp,rsh the user programs to access remote services
login called by rlogind
Note that rlogin, rcp, and rsh must be owned by root and set uid, as in:
chown root rlogin rcp rsh
chmod 4555 rlogin rcp rsh
Two files require new entries to use these programs.
/etc/inetd.conf: Add these two lines at the end of the file:
kshell stream tcp nowait root /krb/kshd kshd
klogin stream tcp nowait root /krb/klogind klogind
After updating /etc/inetd.conf, you must cycle inetd to get it
to read the changes:
ps -aux | grep inetd
kill -9 where came from the ps, above.
/etc/services: Add these lines somewhere in the file:
# Kerberos-authenticated services
kshell 544/tcp cmd # no passwords used
In addition, the usual Kerberos configuration files, /etc/srvtab and
/etc/k_in_tkts must be properly set up; see bcn for more information
on the required changes. Also, new entries are required in the
Kerberos database to enable a particular user to use services.
Please report problems and bugs to mtc.