irick@ei.ecn.purdue.edu (GarBear Irick) (01/06/91)
OK, this is for all you networking gods out there... How does a machine accepting rlogin connections determine the username of the user on the foreign host? If it is sent by the foreign host, what prevents anyone with a basic knowledge of sockets from writing a bogus version of rlogin and faking the username, in order to take advantage of a .rhosts, for example? I've written some simple server/client stuff using sockets, and the only way I could see to determine the username of the incoming user was to have the client-side program send it to the server. Assuming someone has a clue, please reply via e-mail to the address below. RTFM's gladly accepted... :) -- Gary A. Irick, Purdue University | "You can log out any time you like, INTERNET: irick@en.ecn.purdue.edu | But you can never leave!" UUCP: ...!pur-ee!irick | (apologies to The Eagles)