[OpenAFS] AFS rsh token passing

Brandon S. Allbery KF8NH allbery@ece.cmu.edu
Mon, 30 Oct 2006 19:37:46 -0500

On Oct 30, 2006, at 19:15 , Rich Sudlow wrote:

> What's the best replacement for the old AFS rsh and
> Transarc inetd which does token passing?

openssh with the hpn patches.

The final release of kth-krb4 has an rsh / rshd which forwards  
Kerberos 4 tickets and can generate tokens from them.  This of course  
has the problem that it's only krb4.

Older (pre-0.6) heimdal has an rsh / rshd which will forward krb5  
tickets and generate tokens from them.  You could try porting them to  
newer heimdal, but the heimdal folks (along with pretty much everyone  
else) are of the opinion that rsh is insecure by nature and should  
just die.  In a restricted network cluster environment you might  
still want to give them a try, though.

brandon s. allbery    [linux,solaris,freebsd,perl]     allbery@kf8nh.com
system administrator [openafs,heimdal,too many hats] allbery@ece.cmu.edu
electrical and computer engineering, carnegie mellon university    KF8NH