Date: Fri, 31 May 1996 17:42:45 -0600 From: Sean Kelly <kelly@fsl.noaa.gov> To: fleisher@mind.net Cc: dbabler@Rigel.orionsys.com, questions@freebsd.org Subject: Re: Limiting access Message-ID: <199605312342.XAA24859@gatekeeper.fsl.noaa.gov> In-Reply-To: <2.2.32.19960531232202.006f54f8@mind.net> (message from Anthony D Fleisher on Fri, 31 May 1996 16:22:02 -0700)
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "Anthony" == Anthony D Fleisher <fleisher@mind.net> writes:
Anthony> Why not just use tcpwrappers to restrict access?
Because it might be OK to enter the FreeBSD system from the
network---such as from a remote access provider. He wants to charge
for his local modem usage to the BBS. (I think.)
>> What I'm thinking of doing is to create their account on the
>> FBSD system and then use vipw to make their passwords
>> un-enterable ("*") and have the BBS in the etc/hosts.equiv file
>> and use rlogin from the BBS. That way, their security is
>> handled by the BBS (and they don't need to remember another
>> password) and if they try to login from "outside", they can't
>> because they can't enter the password. Am I overlooking
>> something or is there some easily-exploitable hole in this?
>>
Anthony> 1) What is stoping them from creating a .rhosts file (and
Anthony> thus not required to enter a password)?
They won't be required to enter a password anyway since the BBS
hostname will appear in the FreeBSD's /etc/hosts.equiv file.
--
Sean Kelly
NOAA Forecast Systems Laboratory kelly@fsl.noaa.gov
Boulder Colorado USA http://www-sdd.fsl.noaa.gov/~kelly/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199605312342.XAA24859>