Wed, 2 Mar 88 12:05:29 EST
I can't promise RFC conformance, but there is a way to make the
Berkeley r programs secure, and at least this change is documented.
I'm talking about the Kerberos authentication service. It was
developed at MIT by Cliff Neuman, Jeff Schiller, and Jennifer Steiner
among others, and is a trusted third-party key distribution system, as
described by Needham and Schroeder. It allows a client and a server
to both authenticate the entity at the other end of a connection, and
to exchange a session key which may be used for encryption. Passwords
are never sent over the network in cleartext.
MIT's Project Athena has local versions of all of the Berkeley r
programs that attempt to exchange Kerberos authenticators, before
falling back to the old-style authorization of .rhosts files.
For more info, see "Kerberos: An Authentication Service for Open
Network Systems" in the Winter 1988 Usenix Proceedings, or send mail
to steiner@ATHENA.MIT.EDU. The new version of the code is going into
beta release now, and will be generally available later this year.