- Newsgroups: comp.sys.sgi
- Path: sparky!uunet!charon.amdahl.com!pacbell.com!sgiblab!sgigate!sgi!fido!zola!zuni!anchor!olson
- From: olson@anchor.esd.sgi.com (Dave Olson)
- Subject: Re: Install problem
- Message-ID: <sg6lgio@zuni.esd.sgi.com>
- Keywords: Install CDROM remote
- Sender: news@zuni.esd.sgi.com (Net News)
- Organization: Silicon Graphics, Inc. Mountain View, CA
- References: <YFF=#z@engin.umich.edu> <srp.721956667@cgl.ucsf.edu> <1992Nov17.014909.12730@leland.Stanford.EDU> <-YF=J_@engin.umich.edu>
- Date: Tue, 17 Nov 92 22:14:56 GMT
- Lines: 76
-
- In <-YF=J_@engin.umich.edu> hillig@U.Chem.LSA.UMich.EDU (Kurt Hillig) writes:
-
- | In article <1992Nov17.014909.12730@leland.Stanford.EDU> dhinds@leland.Stanford.EDU (David Hinds) writes:
- | >In article <srp.721956667@cgl.ucsf.edu> srp@cgl.ucsf.edu (Scott R. Presnell) writes:
- | > >hillig@U.Chem.LSA.UMich.EDU (Kurt Hillig) writes:
- | > >
- | > > [deleted...]
- | > >
- | > > > When I run inst on a remote machine, I can't get it to communicate with
- | > > > the 360 server:
- | > >
- | > >1) Are all the client machines in /etc/hosts.equiv on uranium?
- | > >2) or is the uranium:~guest/.rhosts file set correctly?
- | >
- | >I think this is the real problem.
- | >
- | > >3) It is my recollection that the remote user of inst under 3.3.X was
- | > >"inst," consequently the .rhosts file had to let "inst" use the login..
- | > >i.e. the <server>:~guest/.rhosts file had:
- | > >
- | > > hostname1 inst
- | > > hostname2 inst
- | >
- | >It seems to do it as user 'guest', not 'inst'.
- | >
- | > - David Hinds
- | > dhinds@allegro.stanford.edu
- |
- | Bingo! I had used "inst" in the ~guest/.rhosts file - which I believe
- | was a "leftover" from 3.3.3....
- |
- | But this screws up the security, doesn't it? I disable the guest account
- | on the server because I don't want people getting on it without a password,
- | but I can't keep the remote users from leaving guest unprotected. If I
- | have to specify "guest" instead of "inst" in the server's .rhosts file, then
- | guest users on the remote machine still have passwordless access to the server.
-
- I don't see how this is a security issue, assuming you set up a special
- account for inst. You force inst to use a specific id by specifying the
- 'from' command, and use the syntax:
- user@machine:/directory
- rather than:
- machine:/directory
-
- | Is my memory right that inst used to use the username "inst"? If so, what's
- | the rationale for changing this?
-
- Yes, it used to use inst.
-
- | Looking at section 3.3 (p. 3-6) of the Iris Software installation Guide, they
- | suggest setting up an "instuser" account on the server, and in its home
- | directory's .rhosts file adding lines of the form:
- |
- | client.internet.name instuser
- |
- | But this doesn't work either. Since "instuser" isn't defined on the client
- | but only on the server, inst still can't get in unless the instuser account
- | has no password. And creating an instuser account on the client doesn't
- | help since inst tries to connect to the server as "guest", not as "instuser".
-
- It doesn't ever need to be defined on the client. You can put a passwd on
- the instuser account if you want, as long as you have a .rhosts file
- for that account.
-
- | So, from my point of view, it looks like the documentation is wrong -
- | at least when I follow the directions it doesn't work - and inst's use
- | of "guest" rather than "inst" leaves a security hole that I can't easily
- | plug without upsetting some of my users (some of whom just love having
- | a passwordless guest account!).
-
- I think you omitted specifying the userid to use on the clients, see the
- syntax above.
- --
- Let no one tell me that silence gives consent, | Dave Olson
- because whoever is silent dissents. | Silicon Graphics, Inc.
- Maria Isabel Barreno | olson@sgi.com
-
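Added example, not part of the original post and not SGI's code: a simplified Python model of how a server-side `.rhosts` file maps a client host and client user to passwordless access to an account, run over the entries quoted in the thread. It leaves out netgroups, negative entries and hostname canonicalisation, and the function names are made up for this illustration.

```python
# Simplified model of how rshd/rlogind read ~account/.rhosts on the server.
# Not modelled: netgroups, negative (-) entries, hostname canonicalisation.

# Entries quoted in the thread (server side).
GUEST_RHOSTS = "hostname1 inst\nhostname2 inst\n"
INSTUSER_RHOSTS = "client.internet.name instuser\n"

def parse_rhosts(text):
    """Return (host, user) pairs; user is None on host-only lines."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if fields:
            entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries

def is_trusted(entries, account, client_host, client_user):
    """True if client_user@client_host gets into `account` with no password."""
    for host, user in entries:
        host_ok = host == "+" or host.lower() == client_host.lower()
        # A host-only line trusts the same-named user on that host.
        wanted = account if user is None else user
        if host_ok and (wanted == "+" or wanted == client_user):
            return True
    return False

def audit(entries, account):
    """List every grant in the file, marking '+' wildcards."""
    report = []
    for host, user in entries:
        who = account if user is None else user
        tag = "WILDCARD" if "+" in (host, who) else "grant"
        report.append(f"{tag}: {who}@{host} -> {account}")
    return report

if __name__ == "__main__":
    guest = parse_rhosts(GUEST_RHOSTS)
    # The leftover "inst" entries admit inst@hostname1 but not guest@hostname1.
    print(is_trusted(guest, "guest", "hostname1", "inst"))
    print(is_trusted(guest, "guest", "hostname1", "guest"))
    for line in audit(parse_rhosts(INSTUSER_RHOSTS), "instuser"):
        print(line)
```

Running `audit` over each account's `.rhosts` on the server shows exactly which client-side users hold passwordless access, which is the question the thread turns on.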