[989] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] A (possibly) crazy idea...

daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Wed Aug 7 17:41:26 1996

From: Miquel van Smoorenburg <miquels@cistron.nl>
To: jeffb@hsnp.com (Jeff Barrow)
Date: Wed, 7 Aug 1996 22:50:33 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.93.960805225954.11901A-100000@netc.netc.com> from "Jeff Barrow" at Aug 5, 96 11:13:44 pm

You (Jeff Barrow) wrote:
> I had an idea.... What if I set up a linux box with mgetty+sendfax, with
> the auto-ppp patch installed, and for the normal login process used
> instead rlogin to connect to our main computer.  (The ppp would use a
> diff. protocol for authentication).  What security issues should I be
> aware of for this to work how I want it to?  (which is for the dial-in
> users to enter thier password and be logged into the main system....)

We've been doing this for a year and a half now and it works fine.
You'll need a patched rlogin so that you can fake the loginname on
the local side, then setup a suitable hosts.equiv on the remote side.

Just do _not_ duplicate all accounts on the "terminal server" and the
"main server". Then the terminal server will be safe.

Mike.
-- 
  Miquel van    | Cistron Internet Services   --    Alphen aan den Rijn.
  Smoorenburg,  | mailto:info@cistron.nl          http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)

home help back first fref pref prev next nref lref last post