Re: r commands

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: David Miller: "Re: Internet Worm"
• Previous message: Fred Kuhns: "Re: Internet Worm"
• In reply to: Aleph One: "r commands"
• Next in thread: Dennis Glatting: "Re: r commands"

Aleph One writes:
> 
> 
>   Well guess i'll just pitch in my two cents in. If you dont allow
> users to set up their own .rhosts files, or you dissable them
> compleately. Then you loose what makes the r commands so wanted
> by people.... transparency. They like them because they dont have

Agreed.

> to type a user name and passwd to log into other machines. Now if
> this dissapears then rlogin is a beefed up telnet. Therefore you must
> a) Allow you users to use them and simply drop all incoming packets
> to any ports where the r deamons hang at the router. or b) dont allow
> them at all.

c) get the source (like logdaemon from Wietse Venema or BSD sources) and
modify.  For example disallow .rhosts but allow the use of hosts.equiv,
this way a set of trusted hosts can be defined which allow the r-commands
to do their thing.  It would also be a good idea to ensure common/unique
user and group ideas across all trusted hosts - logdaemon does this.
Alternatively, define a set of users and host pairs which will be
allowed unauthenticated access and have the r-commands check this acl.

fred

• Next message: David Miller: "Re: Internet Worm"
• Previous message: Fred Kuhns: "Re: Internet Worm"
• In reply to: Aleph One: "r commands"
• Next in thread: Dennis Glatting: "Re: r commands"