gbarnet@uswnvg.UUCP (Gary Barnette) (06/26/91)
I would like to know how some sites handle the incredible
security hole opened up when a system crashes or a system
is down for scheduled maintenance.
A PC with the rsh command or a workstation can change their
IP address and reboot, effectively masquerading as the downed
multi-user machine. It can then perform rlogin's or rsh's as
ROOT (or another user) to any other multi-user unix system
that has the downed system in their .rhosts file.
I know that this is not a new problem and the removal of the
.rhosts files would prevent it but as an administrator I don't
know if I want to be a victim of my own policy.
Would Kerberos cure this security illness?
Thanks to all that contribute,
Gary Barnette
US West NewVector
{uunet, sequent}!uswnvg!gbarnet

jik@cats.ucsc.edu (Jonathan I. Kamens) (06/26/91)
In article <925@uswnvg.UUCP>, gbarnet@uswnvg.UUCP (Gary Barnette) writes:
|> Would Kerberos cure this security illness?
Yes.
--
Jonathan Kamens jik@CATS.UCSC.EDU
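
An added example, not part of either post: a Python audit that lists which local accounts' .rhosts entries would accept any machine claiming a given down host's address, which is the exposure described in the question above. The file contents and the host and account names are constructed, and the short-name host match and '#' comment handling are assumptions.

```python
# Added example: constructed data; host and account names are hypothetical.
from typing import NamedTuple

class Trust(NamedTuple):
    account: str      # local account that owns the .rhosts file
    host: str         # trusted host field ("+" trusts every host)
    remote_user: str  # remote user let in without a password ("+" = any)

def parse_rhosts(account, text):
    """Turn one .rhosts file into the Trust entries it grants."""
    entries = []
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blanks and '#' lines (comment handling is an assumption).
        if not fields or fields[0].startswith("#"):
            continue
        host = fields[0]
        remote_user = fields[1] if len(fields) > 1 else account
        # Entries starting with '-' deny access, so they grant nothing.
        if host.startswith("-") or remote_user.startswith("-"):
            continue
        entries.append(Trust(account, host, remote_user))
    return entries

def same_host(entry, name):
    """Compare full names, then short names (over-reports rather than misses)."""
    a, b = entry.lower(), name.lower()
    return a == b or a.split(".")[0] == b.split(".")[0]

def exposed_accounts(rhosts_files, down_host):
    """Entries usable by any machine that takes over down_host's address."""
    hits = [t for account, text in rhosts_files.items()
            for t in parse_rhosts(account, text)
            if t.host == "+" or same_host(t.host, down_host)]
    # root first, then alphabetical by account
    return sorted(hits, key=lambda t: (t.account != "root", t.account))

# Constructed sample: account name -> contents of that account's .rhosts
SAMPLE = {
    "root": "# trusted peers\nbigvax\nfileserv root\n",
    "gary": "bigvax.example.com gary\n-bigvax mallory\n",
    "ops": "+ +\n",
    "dev": "fileserv\n",
}

if __name__ == "__main__":
    for t in exposed_accounts(SAMPLE, "bigvax"):
        print(f"{t.account}: trusts {t.remote_user}@{t.host}")
```

Run before a planned outage, the report shows which entries to comment out for as long as the trusted host is off the network.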