win@gatech.edu (Win Strickland Jr) (10/27/88)
We've recently received an Annex II box running Annex-UX R4.0.
During installation and testing everything seems to work smoothly
as advertised, and it's a really nice box.
However, we've run up against a security problem with the Annex II and
some workstations. I'd rather not go into details here for obvious
reasons.
If any system admin types out there are currently running Annex II
boxes I'd like to hear from you.
Thanks
Win Strickland Jr School of ICS, Georgia Tech, Atlanta GA 30332
Internet: win@gatech.edu postmaster@gatech.edu root@gatech.edu
UUCP: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!win
Phone: (404) 894-3086win@gatech.edu (Win Strickland Jr) (10/28/88)
In article <17555@gatech.edu>, win@gatech.edu (I wrote) writes: > We've recently received an Annex II box running Annex-UX R4.0. > During installation and testing everything seems to work smoothly > as advertised, and it's a really nice box. > > However, we've run up against a security problem with the Annex II and > some workstations. I'd rather not go into details here for obvious > reasons. After talking with someone from Encore today (thanks John!) we figured out what the problem was. The problem stems from the way that some manufacturers default their hosts.equiv file and the way the Annex box presents its rlogin request to a machine. Because the Annex box is not handling users in a secure way, you should NOT let an Annex box be in your trusted hosts list in hosts.equiv. If you want more details, please communicate via e-mail. -- Win Strickland Jr School of ICS, Georgia Tech, Atlanta GA 30332 Internet: win@gatech.edu postmaster@gatech.edu root@gatech.edu UUCP: ...!{decvax,hplabs,ncar,purdue,rutgers}!gatech!win