Date: Fri, 31 May 1996 11:15:33 -0700 (PDT)
From: David Babler <dbabler@Rigel.orionsys.com>
To: questions@FreeBSD.org
Subject: Limiting access
Message-ID: <Pine.BSF.3.91.960531105412.4658A-100000@Rigel.orionsys.com>

Greetings...

I need a sanity check on something. I'm running FreeBSD as an adjunct to a BBS to provide users with shell accounts and general access to newsreaders and so on. The BBS software provides all the accounting and access control I need and by itself includes FTP, telnet, rlogin and so on.

If I simply create accounts for them on the FBSD system and have them rlogin or telnet to it, I open a hole for them to bypass the normal accounting associated with charging them for usage. For instance, I have a number of subscription classes that allow access for a specific amount of time per day. If I create an account for such a user on the FBSD system, they could just as easily just find another place to telnet from and their usage bypasses the BBS altogether, essentially giving them far more access than they've paid for.

My first thought of how to limit this seems like it should work, but maybe there is a better way to do it. What I'm thinking of doing is to create their account on the FBSD system and then use vipw to make their passwords un-enterable ("*") and have the BBS in the etc/hosts.equiv file and use rlogin from the BBS. That way, their security is handled by the BBS (and they don't need to remember another password) and if they try to login from "outside", they can't because they can't enter the password.

Am I overlooking something or is there some easily-exploitable hole in this?

Thanks!

-Dave Babler
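
The setup described in the message holds only while every user account keeps "*" in its password field and hosts.equiv trusts nothing but the BBS. The script below is an added example, not part of the original post, that checks both conditions over constructed sample files; the host name bbs.example.com, the users alice and bob, the UID threshold of 1000 and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the setup the message describes. The host name,
# user names and password strings are constructed, not from the post.

# List accounts at or above a minimum UID whose password field (2nd
# field of master.passwd) is not exactly "*", so a password still works.
password_logins() {
    awk -F: -v min="$2" '$1 !~ /^#/ && $3 >= min && $2 != "*" { print $1 }' "$1"
}

# List hosts.equiv lines that are anything but the bare trusted host:
# other hosts, "+" wildcards, and host/user pairs.
equiv_violations() {
    awk -v host="$2" '
        NF == 0 || $1 ~ /^#/ { next }
        NF != 1 || $1 != host { print }
    ' "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT

# Constructed sample in master.passwd layout; bob was never locked.
cat > "$tmp/master.passwd" <<'EOF'
root:CONSTRUCTED-HASH:0:0::0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001::0:0:BBS user:/home/alice:/bin/sh
bob:CONSTRUCTED-HASH:1002:1002::0:0:BBS user:/home/bob:/bin/sh
EOF

# Constructed sample hosts.equiv with three entries that widen trust.
cat > "$tmp/hosts.equiv" <<'EOF'
# constructed sample
bbs.example.com
+
shell2.example.com
bbs.example.com alice
EOF

echo "Accounts that still accept a password:"
password_logins "$tmp/master.passwd" 1000
echo "hosts.equiv lines other than the BBS host:"
equiv_violations "$tmp/hosts.equiv" bbs.example.com
```

Both lists should be empty on a system configured as the message describes; here the first reports bob and the second reports the three extra hosts.equiv lines.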