From owner-freebsd-current  Sun Nov 19 15:02:58 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id PAA08281
          for current-outgoing; Sun, 19 Nov 1995 15:02:58 -0800
Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id PAA08270
          for <current@FreeBSD.ORG>; Sun, 19 Nov 1995 15:02:53 -0800
Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id QAA01780; Sun, 19 Nov 1995 16:00:39 -0700
From: Terry Lambert <terry@lambert.org>
Message-Id: <199511192300.QAA01780@phaeton.artisoft.com>
Subject: Re: rlogind wont allow root without password... rshd will.
To: peter@jhome.DIALix.COM (Peter Wemm)
Date: Sun, 19 Nov 1995 16:00:39 -0700 (MST)
Cc: current@FreeBSD.ORG
In-Reply-To: <Pine.BSF.3.91.951119120853.16172F-100000@jhome.DIALix.COM> from "Peter Wemm" at Nov 19, 95 12:21:34 pm
X-Mailer: ELM [version 2.4 PL24]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Content-Length: 792       
Sender: owner-current@FreeBSD.ORG
Precedence: bulk

> As root:
> I can do "rsh freebsdmachine sh -i" and get a root shell.
> I cannot do a "rlogin freebsdmachine" - it asks for a password.
> 
> I think this is a futile attempt at "security-through-inconvenience" 
> (worse than the infamous security-through-obscurity) as it achieves 
> nothing but force people to use the non-wtmp-logged facility.

You have convinced me.  Someone needs to fix rsh so that the attempt
is not futile.  Root access should require an explicit .rhosts; the
rlogin is failing correctly, apparently in a hosts.equiv case?

You haven't really documented the environment that allows the rsh to
succeed so that it can be fixed...


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.