From: Derrick Brashear Date: Sat, 4 Nov 2000 22:20:51 +0000 (+0000) Subject: For people who don't know any better X-Git-Tag: openafs-devel-license-update~1 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=6a0f3dc94a49eba1e3fa6a4cd2c21bff4984c6af For people who don't know any better --- diff --git a/src/README.SECURITY b/src/README.SECURITY new file mode 100644 index 0000000..d23e764 --- /dev/null +++ b/src/README.SECURITY @@ -0,0 +1,22 @@ +The inetd, rcp, rlogind and rsh directories contain AFS authentication (token) +passing support for their respective utilities. We are not removing these +utilities as some sites may still be using them, but we *strongly discourage* +their use. These utilities don't encrypt user traffic, and they also don't +encrypt the AFS tokens. This means an attacker can capture the data and recover +a valid authentication token, and use it to perform authenticated operations. + +Consider foregoing the rcmds altogether and using ssh. You can get Dug Song's +ssh patch to support AFS here: +http://www.monkey.org/~dugsong/ssh-afs/ +but you'll also need to install Kerberos 4 for libraries (which isn't a bad +idea anyhow). The KTH implementation includes the AFS helper library libkafs, +and so is desirable: +ftp://ftp.pdc.kth.se/pub/krb/src/ + +As a side effect, the insecure, but AFS aware ftpd included in AFS can be +replaced by the ftpd included in the above-mentioned Kerberos package, as it +has RFC2228 security extensions. + +In any case, carefully consider the security implications before deploying +these utilities. +