[3199] in Release_Engineering
Re: Jeff's inetd.conf/services addition
epeisach@ATHENA.MIT.EDU (epeisach@ATHENA.MIT.EDU)
Sat Apr 30 20:52:58 1994
I believe I have found a binary for gshd... Based on strings, etc, what
is essentially being done is that the gdss public key is being used
to decode some sort of authentication... Now it seems likely to me then
that this is exactly like wlogin - except there is no srvtab encoded in
the binary..... Is this trying to be slipped in - I don't remember
seeing anything about it in the release-77 or trb meetings.
So, if one executable can gain you access to all machines, who
controls the executable? Since the private gdss key is necessary, that
limits it down to a very select few - but what for what purpose?
Now, I can see argueably, that the network groups is responsible for
machines - and this would allow access to public machines, but
do they have the right to access private machines? What limitations
are inforced on what is allowed and what is not? If Joe faculty member
purchases a WS and stores confidential information on the machine,
changes the root password, etc, locks the machine in his office at night,
his machine may still be remotely accessed by those he has no knowledge of.
When someone purchases a machine, are they told that I/S may have to do this?
(And in what circumstances?)
On the other hand, if a machine is causig problems to the network,
turn off the drop until the problem can be resolved - I believe that
control already exists....
I just feel that this is a little underhanded....
Ezra
