From owner-freebsd-security  Mon Feb 26 17:10:20 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id RAA03655
          for security-outgoing; Mon, 26 Feb 1996 17:10:20 -0800 (PST)
Received: from zip.io.org (root@zip.io.org [198.133.36.80])
          by freefall.freebsd.org (8.7.3/8.7.3) with SMTP id RAA03646
          for <freebsd-security@FreeBSD.org>; Mon, 26 Feb 1996 17:10:16 -0800 (PST)
Received: (from taob@localhost) by zip.io.org (8.6.12/8.6.12) id UAA03295; Mon, 26 Feb 1996 20:08:15 -0500
Date: Mon, 26 Feb 1996 20:08:14 -0500 (EST)
From: Brian Tao <taob@io.org>
To: cschuber@orca.gov.bc.ca
cc: FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org>
Subject: Re: Informing users of cracked passwords? 
In-Reply-To: <199602231757.JAA27883@passer.osg.gov.bc.ca>
Message-ID: <Pine.BSF.3.91.960226200547.28975D-100000@zip.io.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@FreeBSD.org
Precedence: bulk

On Fri, 23 Feb 1996, Cy Schubert - BCSC Open Systems Group wrote:
> 
> ALL EXCEPT rlogind rshd rexecd fingerd: ALL
> rlogind rshd rexecd:  .io.org
> 
> These two lines restrict rlogin, rsh, and rexec to hosts within the io.org 
> domain while allowing connections to all other services from anywhere in the 
> world.

    Yes, that sounds like a good idea to me.  I'm toying with the idea
of disallowing rlogin and rsh connections from outside the io.org
domain and forcing users to supply passwords through a telnet
connection.  Is there anything wrong with his idea?  I know users will
kick and scream about it, but I can't think of any reason other than
security vs. convenience issues.
--
Brian Tao (BT300, taob@io.org)
Systems Administrator, Internex Online Inc.
"Though this be madness, yet there is method in't"