The Secure Remote Utilities
The current release of DCE provides secure versions of the following utilities, based on the BSD 4.4-Lite versions:
· rlogin/rlogind
· rsh/rshd
When a client uses a secure remote Kerberos V5 utility such as rsh or rlogin to connect to the server daemon, the server daemon requests authentication. The remote utilities authenticate the identity of the client and server to each other in a secure way. The secure remote utilities also authorize users to access an account on a remote system. This is done through the transmission of encrypted tickets rather than through the traditional password mechanism. The traditional password mechanism, used with nonsecure remote utilities, sends the password in a readable form (unencrypted) over the network. This creates a security risk from intruders who may be listening over the network. The main benefit of running the secure remote utilities is that user authorization no longer requires transmitting a password in a readable form over the network.
For the secure rlogin utility and rlogind server, Kerberos V5 authentication involves sending encrypted tickets instead of a readable password over the network to verify and identify the user. The secure rsh utility, when used with a command, and the rshd server ensure that the user is authorized to access the remote account. If rsh is used without a specified command, rlogin and rlogind are invoked.
If any secure remote utility is installed in an environment in which some of the remote systems are not secure, the clients will try accessing those remote systems without using Kerberos authentication.
More:
Related Kerberos Terms and Concepts
Components of the Secure Environment
Remote Utility Interoperability