From owner-freebsd-security Tue Feb 27 01:09:23 1996
Return-Path: owner-security
Received: (from root@localhost) by freefall.freebsd.org (8.7.3/8.7.3) id BAA20003 for security-outgoing; Tue, 27 Feb 1996 01:09:23 -0800 (PST)
Received: from mistery.mcafee.com (root@mistery.mcafee.com [192.187.128.69]) by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id BAA19998 for ; Tue, 27 Feb 1996 01:09:17 -0800 (PST)
Received: (from jimd@localhost) by mistery.mcafee.com (8.6.11/8.6.9) id AAA01133; Tue, 27 Feb 1996 00:17:22 -0800
From: Jim Dennis
Message-Id: <199602270817.AAA01133@mistery.mcafee.com>
Subject: Re: Informing users of cracked passwords?
To: taob@io.org (Brian Tao)
Date: Tue, 27 Feb 1996 00:17:21 -0800 (PST)
Cc: cschuber@orca.gov.bc.ca, freebsd-security@FreeBSD.ORG
In-Reply-To: from "Brian Tao" at Feb 26, 96 08:08:14 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@FreeBSD.ORG
Precedence: bulk

>
> On Fri, 23 Feb 1996, Cy Schubert - BCSC Open Systems Group wrote:
> >
> > ALL EXCEPT rlogind rshd rexecd fingerd: ALL
> > rlogind rshd rexecd: .io.org
> >
> > These two lines restrict rlogin, rsh, and rexec to hosts within the io.org
> > domain while allowing connections to all other services from anywhere in the
> > world.
>
> Yes, that sounds like a good idea to me. I'm toying with the idea
> of disallowing rlogin and rsh connections from outside the io.org
> domain and forcing users to supply passwords through a telnet
> connection. Is there anything wrong with his idea? I know users will
> kick and scream about it, but I can't think of any reason other than
> security vs. convenience issues.
> --

Anyone who kicks about the "inconvenience" of supplying a password
to telnet should seriously consider learning 'expect' (on their
*ix systems) or getting a script capable telnet client (on other
systems).

Give them a fish, feed them for a day, give them a scripting
language ....
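
An added example, not part of the original message: a simplified model of the hosts_access(5) decision order, applied to the two hosts.allow lines quoted above. The hosts.deny contents and the sample host names are assumptions, since the thread shows neither; only `ALL`, `EXCEPT` and leading-dot domain patterns are modelled.

```python
# Simplified hosts_access(5) evaluator (added example, not tcpd's own code).
HOSTS_ALLOW = """\
ALL EXCEPT rlogind rshd rexecd fingerd: ALL
rlogind rshd rexecd: .io.org
"""
HOSTS_DENY_STRICT = "ALL: ALL\n"  # assumption: a catch-all deny rule
HOSTS_DENY_EMPTY = ""             # assumption: hosts.deny left empty

def parse(text):
    """Return a list of (daemon_tokens, client_tokens) rules."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            daemons, clients = line.split(":", 1)
            rules.append((daemons.replace(",", " ").split(),
                          clients.replace(",", " ").split()))
    return rules

def in_list(tokens, item, match):
    """'a EXCEPT b' matches when a matches and b does not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (in_list(tokens[:i], item, match)
                and not in_list(tokens[i + 1:], item, match))
    return any(match(tok, item) for tok in tokens)

def daemon_match(tok, daemon):
    return tok == "ALL" or tok == daemon

def client_match(tok, host):
    if tok == "ALL":
        return True
    if tok.startswith("."):  # domain pattern: last name components must match
        return host.lower().endswith(tok.lower())
    return tok.lower() == host.lower()

def matches(rules, daemon, host):
    return any(in_list(d, daemon, daemon_match) and in_list(c, host, client_match)
               for d, c in rules)

def access(daemon, host, allow_text, deny_text):
    """hosts.allow is checked first, then hosts.deny; no match means allow."""
    if matches(parse(allow_text), daemon, host):
        return "allow"
    if matches(parse(deny_text), daemon, host):
        return "deny"
    return "allow"
```

With the catch-all deny, rlogind is refused from outside io.org and fingerd is refused from everywhere, because it is excluded by the first line and never granted by the second. With an empty hosts.deny every request falls through to the default allow, so the two lines restrict nothing on their own.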