Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!swrinde!elroy.jpl.nasa.gov!sdd.hp.com!spool.mu.edu!snorkelwacker.mit.edu!bloom-picayune.mit.edu!athena.mit.edu!jtkohl From: jtkohl@MIT.EDU (John T Kohl) Newsgroups: comp.unix.ultrix Subject: Re: MacX and Ultrix 4.0 Message-ID: Date: 1 Mar 91 20:57:29 GMT References: Sender: news@athena.mit.edu (News system) Organization: MIT Project Athena Lines: 23 In-Reply-To: barnett@grymoire.crd.ge.com's message of 1 Mar 91 18:08:37 GMT In article barnett@grymoire.crd.ge.com (Bruce Barnett) writes: > The release notes of MacX 1.1 says there is a problem with Ultrix 4.0 > and the rexecd daemon... > Does anyone understand why there is a problem? Is there a new protocol > or authentication done (aka Kerberos?). Which vendor should I flame? :-) Flame the vendor of MacX for using rexecd. rexecd is an ancient daemon which asks for username and password in cleartext. Using it on an open network is not advisable. The workstations at MIT Project Athena don't run it. Nothing in 4.3BSD source calls the library routines which contact it. You shouldn't use it either. [rshd is slightly better, in that it doesn't let you type a password, but it does rely on IP addresses. They can be forged, but it takes more work than it does to steal a password.] -- John Kohl or Digital Equipment Corporation/Project Athena (The above opinions are MINE. Don't put my words in somebody else's mouth!)