[3077] in RedHat Linux List
Re: HOSTS.EQUIV "behavior" (Colgate)???
daemon@ATHENA.MIT.EDU (Michael K. Johnson)
Wed Nov 6 21:25:13 1996
To: Lawrence Houston <houston@boyd.geog.mcgill.ca>
cc: redhat-list@redhat.com
From: "Michael K. Johnson" <johnsonm@redhat.com>
In-reply-to: Your message of "Sun, 03 Nov 1996 17:26:10 EST."
<Pine.LNX.3.91.961103171440.2414A-100000@boyd.geog.mcgill.ca>
Date: Wed, 06 Nov 1996 21:21:58 -0500
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
Sorry for the delayed response. First I was out of the office, since
then I've been ill and trying to catch up...
Lawrence Houston writes:
>How can one determine if one's Namserver(s) can perform thr type of
>"reverse lookup" required by PAM?
There's only one type of "reverse lookup". You can use the command
dig -x <ipaddress>
to determine whether it's working. Look under ";; ANSWERS:". For
instance, the command
$ dig -x 199.183.24.1
returns (in part)
;; ANSWERS:
1.24.183.199.in-addr.arpa. 604800 PTR redhat.com.
^^^^^^^^^^^^ ^^^^^^^^^^^
Notice this part is backwards! This is the machine name.
>Had one occurence today where the Colgate Host did NOT request a password
>while I was using RLOGIN from a Host NOT appearing in the HOSTS.EQUIV
>File! Immediately logged out and logged back in and the second time it
>DID ask for a password (which is NOT very consistent)? Can NOT remember
>having noticed an absence of a password prompt before, although on
>occasion there have been noticable delays before RLOGIN continues.
>Gaining access without a password from a Host NOT appearing in the
>HOSTS.EQUIV File weakens Systems Security!!!!!
Has anyone else seen anything like this? I never have, and I've
never heard of it from anyone else, either. If anyone else has
ever seen this, I want to know. Please check your logs immediately
if you see this again, and see if anything related to this has been
logged.
However, it sounds to me like you've got nameservice problems.
rhosts authentication is only as good as your nameservice, and if
you can't trust your nameservice, you either need to run your own
or turn off rhosts authentication.
michaelkjohnson
"Ever wonder why the SAME PEOPLE make up ALL the conspiracy theories?"
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
________________________________________________________________________
http://www.redhat.com/RedHat-FAQ http://www.redhat.com/RedHat-Errata
http://www.redhat.com/RedHat-Tips http://www.redhat.com/mailing-lists
------------------------------------------------------------------------
To unsubscribe: mail -s unsubscribe redhat-list-request@redhat.com < /dev/null
