Re^5: Windows Service Pack Information

You mean that the Windows version actually bases its authentication on something more robust than the source IP, a low port number, and who you claim to be and that it doesn't send potentially sensitive traffic over the wire in the clear?

Yes. From the docs:

TCP/IP Remote Utilities
The tools described in this appendix allow a network administrator to manage network computers from a distance. Many are similar to UNIX utilities. In This Appendix:
Finger
Ftp
Rcp
Rexec
Rsh
Telnet
Tftp

Note: All passwords used by Windows networking services are encrypted. However, the Ftp, and Rexec connectivity tools all rely on cleartext password authentication by the remote computer. Cleartext passwords are not encrypted before being sent over the network. This enables another user equipped with a network analyzer on the same network to steal a user's remote account password. For this reason, choose different passwords from those used for Windows 2000–based computers or domains when connecting to non-Microsoft remote computers with the Ftp, Rexec, or Telnet tools. Note that the protocols themselves prohibit encryption; cleartext passwords are not a standard that Microsoft encourages.

Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.

"Science is about questioning the status quo. Questioning authority".

In the absence of evidence, opinion is indistinguishable from prejudice.

"Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."

Comment on Re^5: Windows Service Pack Information

Replies are listed 'Best First'.
Re^6: Windows Service Pack Information by Fletch (Bishop) on Apr 17, 2008 at 22:18 UTC
Erm . . . However, the Ftp, and Rexec connectivity tools all rely on cleartext password authentication by the remote computer. Cleartext passwords are not encrypted before being sent over the network. This enables another user equipped with a network analyzer on the same network to steal a user's remote account password. And reading what I presume to be the rshsvc docs says that it depends on the same "if it looks like the right host come on in" access checks that the original forms provide. Once you let one user in passwordless through a .rhosts you've put a screen door that anyone that can spoof traffic can open. It's a network hygiene thing; 99.9% of the time it may be find that you leave your car unlocked because you park in a private deck, but by refusing to take a trivial step (getting in the habit of locking your car; installing something that's not an open vulnerability waiting to happen) you've only got yourself to blame that one time when a miscreant makes it past the other layers. Live dangerously if you like, just be careful cavalierly advising others to do the same without letting them know there's risks involved. That's all. The cake is a lie. The cake is a lie. The cake is a lie.	[reply]
Re^7: Windows Service Pack Information by BrowserUk (Patriarch) on Apr 17, 2008 at 23:27 UTC
Microsoft® Windows® Services for UNIX 3.5 has nothing to do with the TCP/IP Remote Utilities. Nothing. Compeletely different animals for entirely different purposes. The former has to operate as the nix tools do, in order that it can iteroperate with them. The clue is in the title. The rsh that comes with OS uses the same NT Auth mechanism used by the OS itself. That is, you have to be authorised at the domain, subject to all the same controls, restrictions and ACLs as if you were stting at the machine itself. Identical. Once you let one user in passwordless It's a network hygiene thing; Live dangerously if you like, just be careful cavalierly advising others to do the same without letting them know there's risks involved. That's all.* None of this applies....... to the native rsh utility. None. Not one iota. Zip. Nadda. When you know what you are talking about (win32!!!!!!!), then give me lectures on the subject. Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply]
Re^8: Windows Service Pack Information by Fletch (Bishop) on Apr 18, 2008 at 03:06 UTC
Fine, it can be set to use NTLM between WIndows hosts. If that's the case then I stand corrected on that. Then again you can of course point to the simple instructions to do NTLM authentication using Solaris rsh to a Windows host (as the OP is trying to do). And the magic incantation that will make rsh encrypt its traffic so sensitive information (aside from authentication tokens) isn't sent in the clear. OpenSSH is open, cross platform, under active development, and secure. Windows rsh is closed source, doesn't support secure authentication cross platform (without going through whatever arcane machinations are needed to get not-Windows talking NTLM), seems to be if not deprecated on the way out (going by this Vista document), and sends normal traffic in the clear. Again: choose wisely. The cake is a lie. The cake is a lie. The cake is a lie.	[reply]
Re^9: Windows Service Pack Information by BrowserUk (Patriarch) on Apr 18, 2008 at 03:50 UTC