russes@comton.DEC.COM (Bob Russes) (03/23/89)
I'm having trouble getting the "kerberized" rlogin to function between two of our systems. I'm able to obtain a ticket granting ticket from the server, but when I try to make use of it with rlogin, I get: rcmd: socket: Permission denied rlogin: Kerberos rcmd failed: rcmd protocol failure. trying normal rlogin (/usr/ucb/rlogin.ucb) What have I forgotten to do? Thanks, Bob
jik@athena.mit.edu (Jonathan I. Kamens) (03/28/89)
In article <231@ryn.DEC.COM> russes@comton.DEC.COM (Bob Russes) writes: > > rcmd: socket: Permission denied > rlogin: Kerberos rcmd failed: rcmd protocol failure. > trying normal rlogin (/usr/ucb/rlogin.ucb) > > What have I forgotten to do? Sounds like you haven't made the rlogin binary owned by root and setuid. The rlogin socket is a secure socket so only root can bind to it. Jonathan Kamens USnail: MIT Project Athena 410 Memorial Drive, No. 223F jik@Athena.MIT.EDU Cambridge, MA 02139-4318 Office: 617-253-4261 Home: 617-225-8218
kolk@shelby.Stanford.EDU (Dan Kolkowitz) (03/28/89)
I'm having trouble getting the "kerberized" rlogin to function between two of our systems. I'm able to obtain a ticket granting ticket from the server, but when I try to make use of it with rlogin, I get: rcmd: socket: Permission denied rlogin: Kerberos rcmd failed: rcmd protocol failure. trying normal rlogin (/usr/ucb/rlogin.ucb) What have I forgotten to do? My bet is that you've forgotten to make rlogin setuid root (owned by root and permission 4755, or something like that). rlogin cannot create a secure socket since it is not running as root. This seems to be an example of a clash between kerberos authentication and Unix authentication--the demand for a secure socket number (between 512 and 1024) is rlogin's proof that it is not a forged connection. Since the authentication of the user would obviously supercede this check it seems to me that this requirement for klogin could be removed (its always nice to get rid of another setuid program). Dan