Bug 167535
| Summary: | Require encryption for ktelnetd | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Dax Kelson <dkelson> |
| Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
| Status: | CLOSED RAWHIDE | QA Contact: | Brian Brock <bbrock> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 4 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | 1.4.2-3 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2005-09-06 15:50:58 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Dax Kelson
2005-09-04 16:21:26 UTC
Thinking about this more, I have a different proposal that extends how klogin is already configured. Today there are two xinetd config files for klogind. /etc/xinet.d/klogin /etc/xinet.d/eklogin (requires encryption with the -e switch) This way you can chkconfig on which ever one you want. A reasonable and sound approach. I propose this same scheme be extended to ktelnetd and kshell. So there exists: /etc/xinet.d/krb5-telnet /etc/xinet.d/ekrb5-telnet (requires encryption) /etc/xinet.d/kshell /etc/xinet.d/ekshell (requires encryption) That sounds good to me. Adding to 1.4.2-3. Hrm. I don't think I'm going to get behind changing the "kshell" service from encrypted to unencrypted though. That sounds like a nasty surprise, no matter how well documented it could be. |