Path: utzoo!utgpu!watserv1!watmath!att!tut.cis.ohio-state.edu!cs.utexas.edu!yale!mintaka!Mintaka!map
From: MAP@LCS.MIT.Edu (Michael A. Patton)
Newsgroups: comp.protocols.kerberos
Subject: Re: Questions about ksu
Message-ID: <MAP.90Dec16101546@gaak.LCS.MIT.Edu>
Date: 16 Dec 90 15:15:46 GMT
References: <1990Dec15.173149.23150@eng.umd.edu>
Sender: daemon@mintaka.lcs.mit.edu (Lucifer Maleficius)
Organization: MIT Laboratory for Computer Science
Lines: 9
In-Reply-To: nero@eng.umd.edu's message of 15 Dec 90 17:31:49 GMT

In article <1990Dec15.173149.23150@eng.umd.edu> nero@eng.umd.edu (Oren L. Stern) writes:
   If you rlogin to a machine and then ksu, you are typing the password in the
   clear over the network.

Unless the initial rlogin is rlogin -x, then the connection is
encrypted.  Some sysmgr types around here do that as a matter of
course, so they never need to worry about passwords (but if you care
about security, you should stop every time you type your password and
think who is getting to look at it).