wagner@rocky.STANFORD.EDU (Juergen Wagner) (10/25/87)
If a user has accounts one more than one machine he/she can create ~/.rhosts, specifying from which other users from which other hosts may login to this machine without having to specify passwords (trusted users). My question is: What is the opinion about the transitivity of this procedure, i.e. if A trusts B and B trusts C UNIX also believes that A trusts C. In other words, has anybody tried to extend the kind of restrictions put on this remote execution? Are there other operating systems allowing such a more complex access restriction schemata? Juergen Wagner, (USENET) gandalf@portia.stanford.edu Center for the Study of Language and Information (CSLI), Stanford CA
chris@mimsy.UUCP (Chris Torek) (10/26/87)
In article <697@rocky.STANFORD.EDU> wagner@rocky.STANFORD.EDU (Juergen Wagner) writes: >If a user has accounts one more than one machine he/she can create >~/.rhosts, specifying from which other users from which other hosts may >login to this machine without having to specify passwords (trusted >users). My question is: What is the opinion about the transitivity of >this procedure, i.e. if A trusts B and B trusts C UNIX also believes >that A trusts C. That follows from the fact that if C can reach B, some user on C can log in on B without entering a password; then that user on B can log in on A without entering a password. But since the trusted- host mechanism is driven entirely by the receiver, there is no way for C to contact A and say `B trusts me, and you trust B, so you ought to trust me too'. In any case, all network security systems that rely upon trust are insecure unless the entire network is physically secure, something that seems quite rare. A good public-domain authentication system would work wonders here.... -- In-Real-Life: Chris Torek, Univ of MD Comp Sci Dept (+1 301 454 7690) Domain: chris@mimsy.umd.edu Path: uunet!mimsy!chris