[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-inetutils] Present libshishi support.
|
From: |
Simon Josefsson |
|
Subject: |
Re: [bug-inetutils] Present libshishi support. |
|
Date: |
Thu, 09 Aug 2012 15:00:13 +0200 |
|
User-agent: |
Gnus/5.130006 (Ma Gnus v0.6) Emacs/23.3 (gnu/linux) |
Mats Erik Andersson <address@hidden> writes:
> Let me therefore continue to mention imaginable additions
> to our present state:
>
> * I will rename the option
>
> --servername=localhost
>
> as
>
> --server-name=localhost
>
> in order to comply with the naming in Shishi.
> Momentarily this concerns rshd and rlogind.
> Should also telnetd offer this switch?
I think that would be useful.
Btw, I noticed that MIT/Heimdal telnet has a '-k realm' parameter to
override the realm of the remote host. That could be useful too.
> * Could the above be extended to allow
>
> address@hidden
>
> or even
>
> --server-name=rsh/address@hidden
>
> with increasing degree of replacing the default
>
> host/address@hidden ?
Yeah, maybe that is even better. A value of @REALM could indicate that
you only want to override the remote realm. However, the name of the
switch is a bit strange then, --server-principal maybe?
> * In non-Kerberized setting there is "-l/--no-rhosts"
> to depreciate the equivalence file "$HOME/.rhosts".
> Should we introduce "--no-k5login" for the Kerberized
> setting, or could the old switches be overloaded to
> disable access to "$HOME/.k5login" for a server running
> a Kerberized service? Should we introduce "--no-basic-auth"
> to disable authorization type "basic"?
I don't think we should overload switches. I don't think the rest is of
high priority, I wouldn't know when people would want to use those switches.
> * [Important] We must thoroughly test and evaluate the
> intended distinctions between
>
> telnetd -k -a off
>
> telnetd -k -a none
>
> telnetd -k -a user
>
> telnetd -k -a valid
>
> making sure that they land accurately at the intended
> authorization level. The latter two are to be given
> priority on behalf of our users.
Yeah, this is a bit of a mess.
> In the longer perspective, two coding efforts are welcome:
>
> * Extend rcp with encryption, as authentication was
> implemented by myself earlier this summer.
Inspiration could be drawn from extra/rsh-redone/ in Shishi.
> * Making ftp and ftpd able to use libshishi would make
> GNU Inetutils a strong collection of utilities!
Indeed!
/Simon
- Re: [bug-inetutils] Present libshishi support., Simon Josefsson, 2012/08/08
- Re: [bug-inetutils] Present libshishi support., Mats Erik Andersson, 2012/08/08
- Re: [bug-inetutils] Present libshishi support.,
Simon Josefsson <=
- Re: [bug-inetutils] Present libshishi support., Mats Erik Andersson, 2012/08/09
- Re: [bug-inetutils] Present libshishi support., Simon Josefsson, 2012/08/09
- Re: [bug-inetutils] Present libshishi support., Mats Erik Andersson, 2012/08/15
- Re: [bug-inetutils] Present libshishi support., Simon Josefsson, 2012/08/15
- Re: [bug-inetutils] Present libshishi support., Mats Erik Andersson, 2012/08/15
- Re: [bug-inetutils] Present libshishi support., Simon Josefsson, 2012/08/15
- Re: [bug-inetutils] Present libshishi support., Simon Josefsson, 2012/08/15