D. Allen [CGL]" <idallen@watcgl.waterloo.edu> (07/13/90)
I set up port 1 on my terminal server, gave it a service name, and passworded that service. This protects the service from unauthorized users getting into it from other terminal servers. But I seem to be able to use "lcp -h /dev/tty10:MYSERVER:PORT_1" and tip on Ultrix to get direct access to the port and bypass the password. So, too, could anyone else out there in Ethernet land. I guess the password is only on the "service", not on the port itself? I can set a password on the incoming port right at the terminal server, but that's not what I want. How can I password the port and service so that access from Ultrix via /dev/ is passworded the same way as is access from other terminal servers? If Ultrix can get at the port without a password, this leads me to believe that someone could write terminal server software that ignored passwords too. How secure is LAT? -- -IAN! (Ian! D. Allen) idallen@watcgl.uwaterloo.ca idallen@watcgl.waterloo.edu [129.97.128.64] Computer Graphics Lab/University of Waterloo/Ontario/Canada