From: Terry Lambert
Message-Id: <199511241810.LAA09917@phaeton.artisoft.com>
Subject: Re: rlogin is blocked for quite a long time
To: alexis@harley.ios.com (Alexis Yashkov)
Date: Fri, 24 Nov 1995 11:09:59 -0700 (MST)
Cc: kuku@gilberto.physik.rwth-aachen.de, maral@webnet.com.au, freebsd-hackers@freefall.freebsd.org
In-Reply-To: <199511230525.AAA03458@harley.ios.com> from "Alexis Yashkov" at Nov 23, 95 00:25:39 am

> > > > > When I rlogin into blues.physik.rwth-aachen (-current), log out
> > > > > and try to login in right again I'm getting after a minute's
> > > > > pause a connection refused.
> > > >
> > > > I've been annoyed by this one, too. Often. Even for nearby
> > > > connections (e.g. uriah.heep.sax.de <-> sax.sax.de, one hop; or even
> > > > on a local ethernet).
> > >
> > > I'm using rsh over local ether on Win95 to run xterms.
> > >
> > > In .rhosts I have the hostname and the FQDN and it seems ok.
> > >
> > > ie.
> > > gate
> > > gate.co.uk
>
> Why should I put short names in .rhosts? I don't think this
> problem has something to do with name resolution.
Because the getpeername() call is used to determine the remote machine name and if you have not correctly set your system up in the local domain, then the local domain name will not be stripped, and the FQDN will be used for verification.

The semantics are so icarus.foo.com and icarus.weber.edu (for instance) aren't treated as if they are the same machine "icarus" in the local domain. Letting anyone with the ability to mung their local DNS record to one of your host names into your machines without challenging for a password.

Terry Lambert
terry@lambert.org
---
Any opinions in this posting are my own and not those of my present or previous employers.
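The matching rule described in the reply, as an added example that is not part of the original post and is not FreeBSD's own code: the peer's resolved name is shortened only when its suffix equals the local domain, and the result is compared against the .rhosts entries. The function names and the .rhosts contents are hypothetical, built from the host names used in the post.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed .rhosts host lists, using the names from the post. */
static const char *const SHORT_ONLY[] = { "icarus" };
static const char *const FQDN_ONLY[] = { "icarus.weber.edu" };

/* Hypothetical helper: strip ".<local_domain>" from the peer's FQDN only
 * when the suffix matches the local domain exactly (case-insensitive). */
static void short_name_if_local(const char *fqdn, const char *local_domain,
                                char *out, size_t outlen)
{
    size_t flen = strlen(fqdn), dlen = strlen(local_domain);

    snprintf(out, outlen, "%s", fqdn);
    if (dlen > 0 && flen > dlen + 1 && flen < outlen &&
        fqdn[flen - dlen - 1] == '.' &&
        strcasecmp(fqdn + flen - dlen, local_domain) == 0)
        out[flen - dlen - 1] = '\0';
}

/* Return 1 if the peer name (as resolved from the connection's address)
 * matches an entry in the host list, else 0. */
int rhosts_allows(const char *peer_fqdn, const char *local_domain,
                  const char *const *entries, size_t n)
{
    char name[256];
    size_t i;

    short_name_if_local(peer_fqdn, local_domain, name, sizeof(name));
    for (i = 0; i < n; i++)
        if (strcasecmp(name, entries[i]) == 0)
            return 1;
    return 0;
}

int main(void)
{
    /* Local domain set correctly: the short name matches the local host. */
    printf("%d\n", rhosts_allows("icarus.weber.edu", "weber.edu", SHORT_ONLY, 1));
    /* Same short name in a foreign domain: not stripped, so no match. */
    printf("%d\n", rhosts_allows("icarus.foo.com", "weber.edu", SHORT_ONLY, 1));
    /* Local domain not configured: nothing is stripped, FQDN entry needed. */
    printf("%d\n", rhosts_allows("icarus.weber.edu", "", SHORT_ONLY, 1));
    printf("%d\n", rhosts_allows("icarus.weber.edu", "", FQDN_ONLY, 1));
    return 0;
}
```

The third and fourth calls show why a host whose local domain is not set up needs the FQDN listed in .rhosts alongside the short name.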