diff --git a/README b/README index 44898a5122..f640a7478c 100644 --- a/README +++ b/README @@ -64,11 +64,6 @@ A. Creating the proper directory structure. headers for your configured kernel can be found. See the system-specific Notes sections below for details. - Be prepared to provide the switches --enable-obsolete and - --enable-insecure if you require the use of any bundled but obsolete - or insecure software included with OpenAFS. See README.OBSOLETE and - README.SECURITY for more details. - There are two modes for directory path handling: "Transarc mode" and "default mode": - In Transarc mode, we retain compatibility with Transarc/IBM AFS tools by putting client configuaration files in /usr/vice/etc, and server diff --git a/README.SECURITY b/README.SECURITY deleted file mode 100644 index e8f2fe2c5f..0000000000 --- a/README.SECURITY +++ /dev/null 
@@ -1,25 +0,0 @@ -The inetd, rcp, rlogind and rsh directories contain AFS authentication (token) -passing support for their respective utilities. We are not removing these -utilities as some sites may still be using them, but we *strongly discourage* -their use. These utilities don't encrypt user traffic, and they also don't -encrypt the AFS tokens. This means an attacker can capture the data and recover -a valid authentication token, and use it to perform authenticated operations. - -Consider foregoing the rcmds altogether and using ssh. You can get Dug Song's -ssh patch to support AFS here: -http://www.monkey.org/~dugsong/ssh-afs/ -but you'll also need to install Kerberos 4 for libraries (which isn't a bad -idea anyhow). The KTH implementation includes the AFS helper library libkafs, -and so is desirable: -ftp://ftp.pdc.kth.se/pub/krb/src/ - -As a side effect, the insecure, but AFS aware ftpd included in AFS can be -replaced by the ftpd included in the above-mentioned Kerberos package, as it -has RFC2228 security extensions. - -In any case, carefully consider the security implications before deploying -these utilities. - -To enable building of the insecure code included with OpenAFS, run -configure with the --enable-insecure switch. -
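Review bot: In the README hunk (@@ -64,11 +64,6), the deleted paragraph covers --enable-obsolete and README.OBSOLETE as well as --enable-insecure and README.SECURITY, yet the only file this diff shows being deleted is README.SECURITY. If --enable-obsolete is still a valid configure switch after this change, the README loses the pointer given here. In that case, consider keeping a trimmed sentence that mentions only --enable-obsolete and README.OBSOLETE. If both switches are going away, say so in the commit message so the documentation removal can be checked against the configure change.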
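Review bot: In the README.SECURITY deletion (@@ -1,25 +0,0), the removed text says the inetd, rcp, rlogind and rsh code was kept because "some sites may still be using them", and it is the only place in this diff that records why the code is unsafe: the utilities encrypt neither user traffic nor the AFS tokens, so captured traffic yields a valid token. The visible lines do not show what happens to the --enable-insecure switch or to those directories. If the code is removed elsewhere in the same series, add a short release-note entry telling sites that passed --enable-insecure what to expect and pointing them at ssh as the file did. If the code stays in the tree, the warning should stay with it rather than be deleted.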