Aleph One writes: > > > Well guess i'll just pitch in my two cents in. If you dont allow > users to set up their own .rhosts files, or you dissable them > compleately. Then you loose what makes the r commands so wanted > by people.... transparency. They like them because they dont have Agreed. > to type a user name and passwd to log into other machines. Now if > this dissapears then rlogin is a beefed up telnet. Therefore you must > a) Allow you users to use them and simply drop all incoming packets > to any ports where the r deamons hang at the router. or b) dont allow > them at all. c) get the source (like logdaemon from Wietse Venema or BSD sources) and modify. For example disallow .rhosts but allow the use of hosts.equiv, this way a set of trusted hosts can be defined which allow the r-commands to do their thing. It would also be a good idea to ensure common/unique user and group ideas across all trusted hosts - logdaemon does this. Alternatively, define a set of users and host pairs which will be allowed unauthenticated access and have the r-commands check this acl. fred