[OpenAFS-devel] How can I use rsh to connect with AFS
Derrick J Brashear
shadow@dementia.org
Tue, 15 Jan 2002 17:11:16 -0500 (EST)
On Tue, 15 Jan 2002, Charles Clancy wrote:
> > --enable-insecure is needed at configure time to enable them, and that
> > option name is deliberate. Consider implications carefully before using
> > them
>
> Is your hesitance to use these utilities simply because they are as
> insecure as the standard r* utils, or are they particularly more insecure
> in some way? I thought someone had mentioned a while back that they
> hadn't been maintained, and were probably riddled with buffer overflows
> (like the ftpd-glob thing last year).
That, and consider with stock rcmds with (poor) IP auth you lose neither
your password nor your tokens without explicitly sending them. With this
people can have their tokens pilfered and may not realize the danger
given that they never typed a password.
-D