The distinction, as I pointed out earlier, is that the rsh service is already installed, and possible running on the N tens, hundreds (thousands?) of internal systems the OP is trying to catalog.

Getting permission to role out a new piece of software, that doesn't use an approved authentication mechanism that integrates with Domain-level and/or Active Directory GINAs in any vaguely security aware MS-based organisation, would at best take months of negotiations and testing, and probably never happen.

And it doesn't need to be NT_AUTH... it can use any of the other Windows integrated Authentication mechanisms, including Kerberos, which is open, cross-platform, and perfectly secure.

As for the "send normal traffic in the clear": That's why I stipulated "a secure network". Within most secure, corporate networks, most normal traffic, from emails to file transfers is sent in the clear. That's the reason for DMZs, to isolate internal from external traffic.

Again: choose wisely.

Wise words. I was. 10 years ago when setting up an NT-based network for the government departments of an entire medium-sized European country. After a year of investigation and testing rsh (the Windows version with NT_AUTH) was deemed secure. Not by me, but by people who know. FUD doesn't cut it.