[7269] in Kerberos
Re: Kerberized RCP
daemon@ATHENA.MIT.EDU (Jonathan Kamens)
Tue May 14 05:39:29 1996
To: kerberos@MIT.EDU
Date: 14 May 1996 09:30:03 GMT
From: jik@annex-1-slip-jik.cam.ov.com (Jonathan Kamens)
In article <31978F9B.167EB0E7@baynetworks.com>, Jeff Dietz <jdietz@baynetworks.com> writes:
|> If I have two workstations, Fred and Barney, and I am logged into Fred
|> and wish to use (kerberized) rcp to copy a file from Barney to Fred,
|> does Barney end up sending a message to the ticket-granting service for
|> a new session key, the session being the act of writing from Barney to
|> Fred's file system?
If you haven't done any Kerberized interaction with Barney since you
obtained your initial ticket, then yes, of course you have to get an
"rcmd" (V4) or "host" (V5) ticket from the TGS in order to authenticate
yourself to Barney.
If you have already done a previous Kerberized interaction with Barney
since getting your initial ticket, then there's probably already a
ticket for Barney in your credential cache, so you don't have to get
another one.
In any case, the ticket is used by rcp to authenticate itself to rshd
on Barney, and perhaps also to determine the session key for encryption
if you requested encryption. "Writing to Fred's file system" is
accomplished by local UNIX system calls, which have nothing to do with
Kerberos, so I'm not sure why you mentioned it.
