Date: Tue, 27 Feb 1996 00:42:22 -0500 (EST) From: Denis Fortin <fortin@zap.qc.ca> To: Brian Tao <taob@io.org> Cc: cschuber@orca.gov.bc.ca, FREEBSD-SECURITY-L <freebsd-security@FreeBSD.org> Subject: Re: Informing users of cracked passwords? Message-ID: <Pine.SUN.3.91.960227003614.3290D-100000@zap.zap.qc.ca> In-Reply-To: <Pine.BSF.3.91.960226200547.28975D-100000@zip.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 26 Feb 1996, Brian Tao wrote: > I'm toying with the idea of disallowing rlogin and rsh connections from > outside the io.org domain and forcing users to supply passwords through a > telnet connection. Is there anything wrong with his idea? I know users will > kick and scream about it, but I can't think of any reason other than > security vs. convenience issues. This is what I usually do (i.e. disable rlogin and let people use telnet), but fans of rlogin will then tell you that by doing that you're forcing people to send login passwords in clear on the network where they can be sniffed (whereas with rlogin, you wouldn't have to type in the password). But anyway, I'd rather have people use telnet... I've always found the "r" commands to be too magical for my taste :-) Denis Fortin fortin@acm.org DMR Group Inc, (514) 877-3301 These opinions are my own
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.91.960227003614.3290D-100000>