bh@cs.brown.edu (05/06/89)
It would seem that the "best way" to deal with network security involves a network-wide authentication service (Kerberos, etc). The efforts to make an individual workstation (or any machine not behind a locked machine room door) difficult to halt or boot in some sort of maintenance-mode (single user, diag mode, etc) still don't guarantee that some server can trust the client workstation and only make normal servicing more difficult. For example, in the Sun boot prom you could easily (:-) ) L1-A the machine, use the a prom command to update some memory location such as the uid field of some user structure to say... 0, and then ``c'' back... and.... Is Sun (or any one else) working on product involving Kerberos or something like it? Is this were Sun is going with C2 security and secure NFS? Bent