From 1378d6f01a11f0f733bdda45558a05ba27ebb029 Mon Sep 17 00:00:00 2001 From: Hans Insulander Date: Sat, 23 Jun 2001 22:14:32 +0000 Subject: Don't lie about Kerberos and encryption. Result of a conversation with pjanzen@ ok deraadt@ --- usr.bin/rlogin/rlogin.1 | 20 +++++++------------- usr.bin/rsh/rsh.1 | 11 +++++------ usr.bin/telnet/telnet.1 | 10 +++++----- 3 files changed, 17 insertions(+), 24 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/rlogin/rlogin.1 b/usr.bin/rlogin/rlogin.1 index 2683f974537..c569b35d6ae 100644 --- a/usr.bin/rlogin/rlogin.1 +++ b/usr.bin/rlogin/rlogin.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rlogin.1,v 1.8 2001/05/01 17:58:04 aaron Exp $ +.\" $OpenBSD: rlogin.1,v 1.9 2001/06/23 22:14:30 hin Exp $ .\" $NetBSD: rlogin.1,v 1.4 1995/08/18 15:07:35 pk Exp $ .\" .\" Copyright (c) 1983, 1990, 1993 @@ -42,7 +42,7 @@ .Nd remote login .Sh SYNOPSIS .Ar rlogin -.Op Fl 8EKLdx +.Op Fl 8EKLd .Op Fl e Ar char .Op Fl k Ar realm .Op Fl l Ar username @@ -108,17 +108,6 @@ in realm .Ar realm instead of the remote host's realm as determined by .Xr krb_realmofhost 3 . -.It Fl x -The -.Fl x -option turns on -.Tn DES -encryption for all data passed via the -rlogin session. -This may impact response time and -.Tn CPU -utilization, but provides -increased security. .It Fl l Ar username The .Fl l @@ -203,3 +192,8 @@ will be replaced by in the near future. .Pp More of the environment should be propagated. +.Pp +.Nm +does currently not support encryption of the datastream when Kerberos +authentication is used. + diff --git a/usr.bin/rsh/rsh.1 b/usr.bin/rsh/rsh.1 index 8c06f6a26ee..6db16d75819 100644 --- a/usr.bin/rsh/rsh.1 +++ b/usr.bin/rsh/rsh.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: rsh.1,v 1.8 2000/11/09 17:52:35 aaron Exp $ +.\" $OpenBSD: rsh.1,v 1.9 2001/06/23 22:14:28 hin Exp $ .\" .\" Copyright (c) 1983, 1990 The Regents of the University of California. .\" All rights reserved. @@ -93,11 +93,6 @@ Redirect input from the special device (see the .Sx BUGS section of this manual page). -.It Fl x -Enable -.Tn DES -encryption for all data exchange. -This may introduce a significant delay in response time. .El .Pp If no @@ -181,3 +176,7 @@ Stop signals stop the local .Nm process only; this is arguably wrong, but currently hard to fix for reasons too complicated to explain here. +.Pp +.Nm +does currently not support encryption of the datastream when Kerberos +authentication is used. diff --git a/usr.bin/telnet/telnet.1 b/usr.bin/telnet/telnet.1 index fa60f48b8f5..cffff7782d4 100644 --- a/usr.bin/telnet/telnet.1 +++ b/usr.bin/telnet/telnet.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: telnet.1,v 1.27 2000/11/09 17:52:41 aaron Exp $ +.\" $OpenBSD: telnet.1,v 1.28 2001/06/23 22:14:27 hin Exp $ .\" $NetBSD: telnet.1,v 1.5 1996/02/28 21:04:12 thorpej Exp $ .\" .\" Copyright (c) 1983, 1990, 1993 @@ -84,7 +84,7 @@ option on both input and output. .It Fl E Stops any character from being recognized as an escape character. .It Fl F -If Kerberos V5 authentication is being used, the +If Kerberos 5 authentication is being used, the .Fl F option allows the local credentials to be forwarded to the remote system, including any credentials that @@ -143,7 +143,7 @@ If is omitted, then there will be no escape character. .It Fl f -If Kerberos V5 authentication is being used, the +If Kerberos 5 authentication is being used, the .Fl f option allows the local credentials to be forwarded to the remote system. .It Fl k Ar realm @@ -186,7 +186,7 @@ unless modified by the .Fl e option. .It Fl x -Turns on encryption of the data stream if possible. +Turns on encryption of the data stream if Kerberos is used. .It Ar host Indicates the official name, an alias, or the Internet address of a remote host. @@ -356,7 +356,7 @@ The .Ic encrypt command manipulates the information sent through the .Dv TELNET ENCRYPT -option. +option that's available when Kerberos is used. .Pp Valid arguments for the encrypt command are as follows: .Bl -tag -width Ar -- cgit v1.2.3