From owner-freebsd-questions  Fri May 31 16:43:04 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id QAA22775
          for questions-outgoing; Fri, 31 May 1996 16:43:04 -0700 (PDT)
Received: from gatekeeper.fsl.noaa.gov (gatekeeper.fsl.noaa.gov [137.75.131.181])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA22766
          for <questions@freebsd.org>; Fri, 31 May 1996 16:43:02 -0700 (PDT)
Received: from emu.fsl.noaa.gov (kelly@emu.fsl.noaa.gov [137.75.60.32]) by gatekeeper.fsl.noaa.gov (8.7.5/8.7.3) with ESMTP id XAA24859; Fri, 31 May 1996 23:42:45 GMT
Message-Id: <199605312342.XAA24859@gatekeeper.fsl.noaa.gov>
Received: by emu.fsl.noaa.gov
	(1.40.112.3/16.2) id AA113376164; Fri, 31 May 1996 17:42:45 -0600
Date: Fri, 31 May 1996 17:42:45 -0600
From: Sean Kelly <kelly@fsl.noaa.gov>
To: fleisher@mind.net
Cc: dbabler@Rigel.orionsys.com, questions@freebsd.org
In-Reply-To: <2.2.32.19960531232202.006f54f8@mind.net> (message from Anthony D
	Fleisher on Fri, 31 May 1996 16:22:02 -0700)
Subject: Re: Limiting access
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>>>>> "Anthony" == Anthony D Fleisher <fleisher@mind.net> writes:

    Anthony> Why not just use tcpwrappers to restrict access?

Because it might be OK to enter the FreeBSD system from the
network---such as from a remote access provider.  He wants to charge
for his local modem usage to the BBS.  (I think.)

    >> What I'm thinking of doing is to create their account on the
    >> FBSD system and then use vipw to make their passwords
    >> un-enterable ("*") and have the BBS in the etc/hosts.equiv file
    >> and use rlogin from the BBS. That way, their security is
    >> handled by the BBS (and they don't need to remember another
    >> password) and if they try to login from "outside", they can't
    >> because they can't enter the password. Am I overlooking
    >> something or is there some easily-exploitable hole in this?
    >> 
    Anthony> 1) What is stoping them from creating a .rhosts file (and
    Anthony> thus not required to enter a password)?

They won't be required to enter a password anyway since the BBS
hostname will appear in the FreeBSD's /etc/hosts.equiv file.

-- 
Sean Kelly                          
NOAA Forecast Systems Laboratory    kelly@fsl.noaa.gov
Boulder Colorado USA                http://www-sdd.fsl.noaa.gov/~kelly/