Date: Sun, 19 Nov 1995 16:00:39 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: peter@jhome.DIALix.COM (Peter Wemm) Cc: current@FreeBSD.ORG Subject: Re: rlogind wont allow root without password... rshd will. Message-ID: <199511192300.QAA01780@phaeton.artisoft.com> In-Reply-To: <Pine.BSF.3.91.951119120853.16172F-100000@jhome.DIALix.COM> from "Peter Wemm" at Nov 19, 95 12:21:34 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> As root: > I can do "rsh freebsdmachine sh -i" and get a root shell. > I cannot do a "rlogin freebsdmachine" - it asks for a password. > > I think this is a futile attempt at "security-through-inconvenience" > (worse than the infamous security-through-obscurity) as it achieves > nothing but force people to use the non-wtmp-logged facility. You have convinced me. Someone needs to fix rsh so that the attempt is not futile. Root access should require an explicit .rhosts; the rlogin is failing correctly, apparently in a hosts.equiv case? You haven't really documented the environment that allows the rsh to succeed so that it can be fixed... Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511192300.QAA01780>