Date: Fri, 24 Nov 1995 11:09:59 -0700 (MST) From: Terry Lambert <terry@lambert.org> To: alexis@harley.ios.com (Alexis Yashkov) Cc: kuku@gilberto.physik.rwth-aachen.de, maral@webnet.com.au, freebsd-hackers@freefall.freebsd.org Subject: Re: rlogin is blocked for quite a long time Message-ID: <199511241810.LAA09917@phaeton.artisoft.com> In-Reply-To: <199511230525.AAA03458@harley.ios.com> from "Alexis Yashkov" at Nov 23, 95 00:25:39 am
next in thread | previous in thread | raw e-mail | index | archive | help
> > > > > When I rlogin into blues.physik.rwth-aachen (-current), log out > > > > > and try to login in right again I'm getting after a minute's > > > > > pause a connection refused. > > > > > > > > I've been annoyed by this one, too. Often. Even for nearby > > > > connections (e.g. uriah.heep.sax.de <-> sax.sax.de, one hop; or even > > > > on a local ethernet). > > > > > > Im using rsh over local ether on Win95 to run xterm's. > > > > > > In .rhosts I have the hostname and the FQDN and it seems ok. > > > > > > ie. > > > gate > > > gate.co.uk > > Why should I put short names in .rhosts? I don't think this > problem has something to do with name resolution. Because the getpeername() call is used to determine the remote machine name and if you have not correctly set your system up in the local domain, then the local domain name will not be stripped, and the FQDN will be used for verification. The semantics are so icarus.foo.com and icarus.weber.edu (for instance) aren't treated as if they are the same machine "icarus" in the local domain. Letting anyone with the ability to mung their local DNS record to one of your host names into your machines without challenging for a password. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199511241810.LAA09917>