Path: utzoo!mnetor!uunet!husc6!tut.cis.ohio-state.edu!mailrus!ames!pasteur!ucbvax!ATHENA.MIT.EDU!mar
From: mar@ATHENA.MIT.EDU
Newsgroups: comp.protocols.tcp-ip
Subject: rsh equivalent
Message-ID: <8803021705.AA20293@TOTO.MIT.EDU>
Date: 2 Mar 88 17:05:29 GMT
References: <23511@hi.unm.edu>
Sender: usenet@ucbvax.BERKELEY.EDU
Organization: The Internet
Lines: 20

I can't promise RFC conformance, but there is a way to make the Berkeley r programs secure, and at least this change is documented. I'm talking about the Kerberos authentication service. It was developed at MIT by Cliff Neuman, Jeff Schiller, and Jennifer Steiner among others, and is a trusted third-party key distribution system, as described by Needham and Schroeder. It allows a client and a server to both authenticate the entity at the other end of a connection, and to exchange a session key which may be used for encryption. Passwords are never sent over the network in cleartext.

MIT's Project Athena has local versions of all of the Berkeley r programs that attempt to exchange Kerberos authenticators, before falling back to the old-style authorization of .rhosts files.

For more info, see "Kerberos: An Authentication Service for Open Network Systems" in the Winter 1988 Usenix Proceedings, or send mail to steiner@ATHENA.MIT.EDU. The new version of the code is going into beta release now, and will be generally available later this year.

-Mark
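
The trusted third-party exchange described in the post above, as an added example that is not part of the original post and not MIT's Kerberos code: a simplified Needham-Schroeder-style flow with timestamps in which a key distribution center issues a session key, the server checks a ticket and authenticator, and the client checks the server's reply. The principal names, passwords, message fields and the toy `seal`/`unseal` cipher are assumptions made for illustration, not the Kerberos wire format.

```python
import hashlib, hmac, json, os

def long_term_key(password: str) -> bytes:
    # Derived locally; shared only between a principal and the key distribution center.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"EXAMPLE.REALM", 1000)

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj: dict) -> bytes:
    # Toy encrypt-then-MAC so the example needs only the standard library (not for production).
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key: bytes, blob: bytes) -> dict:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct)))))

def kdc_issue(keys: dict, client: str, service: str):
    # The third party picks a fresh session key and seals one copy for each side.
    sk = os.urandom(32).hex()
    reply = seal(keys[client], {"service": service, "session_key": sk})
    ticket = seal(keys[service], {"client": client, "session_key": sk})
    return reply, ticket

def client_authenticator(client_key: bytes, client: str, reply: bytes, now: int):
    # Only the holder of the client's long-term key can recover the session key.
    sk = bytes.fromhex(unseal(client_key, reply)["session_key"])
    return sk, seal(sk, {"client": client, "time": now})

def server_verify(service_key: bytes, ticket: bytes, authenticator: bytes,
                  now: int, skew: int = 300):
    t = unseal(service_key, ticket)
    sk = bytes.fromhex(t["session_key"])
    a = unseal(sk, authenticator)
    if a["client"] != t["client"] or abs(now - a["time"]) > skew:
        raise ValueError("authenticator rejected")
    # Returning time + 1 under the session key proves the server's identity to the client.
    return t["client"], seal(sk, {"time": a["time"] + 1})

def demo(now: int = 1_000_000):
    # Constructed principals and passwords.
    keys = {"alice": long_term_key("alice-pw"), "rsh.host": long_term_key("host-pw")}
    reply, ticket = kdc_issue(keys, "alice", "rsh.host")
    sk, auth = client_authenticator(keys["alice"], "alice", reply, now)
    who, proof = server_verify(keys["rsh.host"], ticket, auth, now + 2)
    return who, unseal(sk, proof)["time"] == now + 1
```

No password or long-term key crosses the wire in this flow; a stale authenticator or a modified ticket is rejected by `server_verify`.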