[989] in linux-security and linux-alert archive
Re: [linux-security] A (possibly) crazy idea...
daemon@ATHENA.MIT.EDU (Miquel van Smoorenburg)
Wed Aug 7 17:41:26 1996
From: Miquel van Smoorenburg <miquels@cistron.nl>
To: jeffb@hsnp.com (Jeff Barrow)
Date: Wed, 7 Aug 1996 22:50:33 +0200 (MET DST)
Cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <Pine.LNX.3.93.960805225954.11901A-100000@netc.netc.com> from "Jeff Barrow" at Aug 5, 96 11:13:44 pm
You (Jeff Barrow) wrote:
> I had an idea.... What if I set up a linux box with mgetty+sendfax, with
> the auto-ppp patch installed, and for the normal login process used
> instead rlogin to connect to our main computer. (The ppp would use a
> diff. protocol for authentication). What security issues should I be
> aware of for this to work how I want it to? (which is for the dial-in
> users to enter thier password and be logged into the main system....)
We've been doing this for a year and a half now and it works fine.
You'll need a patched rlogin so that you can fake the loginname on
the local side, then setup a suitable hosts.equiv on the remote side.
Just do _not_ duplicate all accounts on the "terminal server" and the
"main server". Then the terminal server will be safe.
Mike.
--
Miquel van | Cistron Internet Services -- Alphen aan den Rijn.
Smoorenburg, | mailto:info@cistron.nl http://www.cistron.nl/
miquels@het.net | Tel: +31-172-419445 (Voice) 430979 (Fax) 442580 (Data)