Date:      Fri, 23 Feb 1996 12:45:42 -0500 (EST)
From:      Brian Tao <taob@io.org>
To:        cschuber@orca.gov.bc.ca
Cc:        FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org>
Subject:   Re: Informing users of cracked passwords? 
Message-ID:  <Pine.BSF.3.91.960223123339.18637M-100000@zip.io.org>
In-Reply-To: <199602231722.JAA27776@passer.osg.gov.bc.ca>

On Fri, 23 Feb 1996, Cy Schubert - BCSC Open Systems Group wrote:
> 
> One could use TCP/Wrapper to restrict the effectiveness of "r" commands to hosts 
> that you trust thereby negating any entries users have put in their .rhosts 
> files of hosts that you don't trust.

    I have tcpd running here, but it only refuses connects for hosts
with no reverse DNS or with mismatched forward/reverse records.  Since
a lot of our users telnet in from elsewhere, I can't maintain a list
of "trusted" hosts (this is for an ISP, after all).

    I could disable .rhosts, but that raises another question.  Is it
better to allow users to rlogin from an untrusted host to your system,
or to force them to authenticate themselves each time and have
cleartext passwords flying over the network?

    It would be so much easier if access was only through modem
dialup, and we didn't have to rely on NFS or a distributed password
system, or give shell access, etc., etc.  :-/
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"
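
The check described in the message above (refuse a connection when the client has no reverse DNS, or when its forward and reverse records disagree), as an added example that is not part of the original message and is not tcpd's own code. The function names, the injectable resolver parameters and the sample records are assumptions made for illustration.

```python
import ipaddress
import socket


def _system_reverse(ip):
    # PTR lookup; returns the primary host name, or None when there is no record.
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None


def _system_forward(name):
    # A/AAAA lookup; returns every address the name resolves to.
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()


def paranoid_check(client_ip, reverse=_system_reverse, forward=_system_forward):
    """Return (accepted, detail) for a connecting address."""
    ip = ipaddress.ip_address(client_ip)
    name = reverse(str(ip))
    if not name:
        return False, "no reverse DNS"
    addrs = set()
    for candidate in forward(name):
        try:
            addrs.add(ipaddress.ip_address(candidate))
        except ValueError:
            continue  # e.g. a scoped IPv6 literal; cannot match the peer address
    if ip not in addrs:
        return False, "forward/reverse mismatch"
    return True, name


# Constructed sample records (documentation address ranges, not real hosts).
PTR = {"192.0.2.10": "dialup10.example.net", "198.51.100.7": "trusted.example.org"}
A = {"dialup10.example.net": ["192.0.2.10"], "trusted.example.org": ["203.0.113.5"]}


def demo():
    # Run the check offline against the constructed records above.
    clients = ("192.0.2.10", "198.51.100.7", "203.0.113.99")
    return {ip: paranoid_check(ip, PTR.get, lambda n: A.get(n, [])) for ip in clients}


if __name__ == "__main__":
    for ip, result in demo().items():
        print(ip, result)
```

A client that passes has consistent DNS and nothing more: the PTR record is published by whoever controls the address block, so this check does not stand in for a list of trusted hosts.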



