In the client, construct a checksum from the command line
and remote user and encode them in the authenticator. In the daemon,
if a checksum is present, verify it.
This change *should* make it possible to use rsh in a secure
fassion provided that you always use a client that has
checksumming.
If you do not use encrypted rsh, then the command line cannot be
spoofed,
but the standard input and output can still be spoofed.
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@7341
dc483132-0cff-0310-8789-
dd5450dbe970
projects / krb5.git / commit