sgk@ROBIN.MITRE.ORG (Sharon G. Kass) (01/25/91)
Hi,

I noticed a posting (from some time back) regarding Kerberized rlogin, and other bsd applications. The question was posted by Don Proctor. His reply did not give the solution but it did thank you for helping him. Since I now find myself with the exact same question, I hoped you would be able to help. I hope this is not inappropriate.

This is my situation: I've got a Kerberos server running on a SPARC running 4.1 and the Kerberized bsd clients installed in another (kerberos client) SPARC also running 4.1. I've renamed the rlogin Kerberos executable to MYrlogin (after fixing the argv[0] check in rlogin.c) so that other users will not be affected. I've registered the rcmd service for the client instance on the Kerberos server, and am trying to login from the client to the server (i.e., the Kerberos server is also the rlogin server for this case).

I added /etc/inetd.conf entries on the server for klogin, eklogin and kshell. Also on the server machine I've got /etc/services entries for klogin and eklogin (not sure how the knetd entry in /etc/services is used). The same /etc/service entries are on the client machine. I wasn't sure what port to use: I picked 513 which is the login port on this machine. Perhaps my choice of port is screwing things up.

Here's the error I'm getting:

    aristotle14> MYrlogin milton
    rlogind: Permission denied.
    Krlogin: Kerberos rcmd failed: rcmd protocol failure.
    trying normal rlogin (/usr/ucb/rlogin.ucb)

The rlogind code shows this error being generated early in the code when checking socket information (fromp). I must be not understanding something fundamental. Could you share with me your solution or any comments?

Thanks very much in advance!

Sharon Kass
sgk@mbunix.mitre.org
617-271-2178

jon@MIT.EDU (Jon A. Rochlis) (01/25/91)
> I added /etc/inetd.conf entries on the server for klogin, eklogin and kshell. Also on the server machine I've got /etc/services entries for klogin and eklogin (not sure how the knetd entry in /etc/services is used).

Ignore knetd, it's obsolete.

> The same /etc/service entries are on the client machine. I wasn't sure what port to use: I picked 513 which is the login port on this machine.

We use 543 for kerberos rlogin. 513 is the normal rlogin port. This could indeed cause confusion, but I don't think it's your problem.

The permission denied makes me suspect that you did not install the rlogin binary setuid root. I would guess it's trying to bind a "privileged" port (I know that's a dumb concept given a real authentication system, we probably just didn't touch that part of the rlogin code).

-- Jon
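
Added example, not part of either post: a shell check for the two things the reply above points at, namely that klogin in the services file has a port no other service uses (543 rather than the plain rlogin port 513) and that the client binary is setuid root. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example. Service names and ports are the ones named in the thread;
# the sample services files written below are constructed.

# Print the tcp port for service $2 in services file $1 (empty if absent).
service_port() {
    awk -v name="$2" '{ sub(/#.*/, "") }
        $1 == name && $2 ~ /\/tcp$/ { split($2, a, "/"); print a[1]; exit }' "$1"
}

# Print every service name bound to tcp port $2 in services file $1.
port_owners() {
    awk -v want="$2/tcp" '{ sub(/#.*/, "") }
        NF >= 2 && $2 == want { printf "%s ", $1 }' "$1"
}

# Return 0 only if klogin has a tcp port that no other service uses.
check_klogin() {
    file=$1
    port=$(service_port "$file" klogin)
    [ -n "$port" ] || { echo "klogin: no tcp entry in $file"; return 1; }
    owners=$(port_owners "$file" "$port")
    set -- $owners                      # word-split to count the names
    [ $# -eq 1 ] || { echo "klogin: port $port shared by: $owners"; return 1; }
    echo "klogin: port $port is unshared"
}

# Return 0 if $1 is owned by uid 0 and has the setuid bit set.
is_setuid_root() {
    [ -u "$1" ] && [ "$(ls -ln "$1" | awk '{ print $3 }')" = "0" ]
}

# Constructed sample: the setup from the question, then the port from the reply.
bad=$(mktemp) good=$(mktemp)
printf 'login\t513/tcp\nklogin\t513/tcp\t# kerberized rlogin\n' > "$bad"
printf 'login\t513/tcp\nklogin\t543/tcp\t# kerberized rlogin\n' > "$good"
check_klogin "$bad" || true
check_klogin "$good"
is_setuid_root "$bad" || echo "$bad: not setuid root"
rm -f "$bad" "$good"
```

On a real host, point check_klogin at /etc/services on both client and server and is_setuid_root at the installed Kerberized rlogin binary.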