fre 2023-12-29 klockan 23:09 +0100 skrev Guillem Jover: > Control: tag -1 moreinfo > > Hi! > > On Fri, 2023-12-29 at 20:03:33 +0100, Simon Josefsson wrote: > > Package: inetutils > > Severity: wishlist > > > I noticed that netkit-rsh is orphaned and there are even requests > > to > > remove it: > > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1041864 > > > > That is stalled because there are two reverse dependencies that > > allegedly uses: pdsh and pvm. > > > > I was thinking that the inetutils package could provide the rsh- > > client > > and rsh-server packages, allowing netkit-rsh to be removed from > > Debian. > > Currently the Debian packaging of inetutils doesn't build rsh/rshd > > though. > > > > What do you think? > > This crosses my mind some time ago, and started preparing the > changes, > but then stopped when I realized these clients and daemons would end > up with no Kerberos 5 support (they seem to have Shishi support but > the > packaging was switched away from that, and rexec* has no Kerberos > support > whatsoever), which made me rather uncomfortable. See the following > old branches which I've just rebased and pushed: > > > https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/commit/?h=pu/rsh > > https://git.hadrons.org/cgit/debian/pkgs/inetutils.git/log/?h=pu/rexec > > I realize that would be no worse than the current netkit > implementations > (AFAICT), but I'd rather not maintain these clients/servers if they > do > not even have an option for secure connections.
Ah, I had forgotten about this (if I ever knew about it). But looking at src/rsh*.c in inetutils there is plenty of Kerberos stuff in it. Doesn't it work? We build inetutils against MIT Kerberos V5 in GitLab CI/CD: https://gitlab.com/jas/inetutils/-/jobs/5836939514 I think there is value in having a plaintext-able rsh and rshd available for interacting with ancient systems. The current netkit-rsh package does not support Kerberos. I feel it may be more appropriate to replace netkit-rsh with a inetutils-rsh of the same feature-set rather than with a Kerberos-enabled variant. Offering both would be even better. But simply enabling Kerberos V5 for rsh/rsh in inetutils and ship that is probably sufficient and resolves all concerns. /Simon
signature.asc
Description: This is a digitally signed message part
