[919] in Kerberos
Re: what is toehold?
daemon@ATHENA.MIT.EDU (Henry Mensch)
Tue Apr 24 23:56:14 1990
From: Henry Mensch <henry@MIT.EDU>
To: gamiddon@maytag.waterloo.edu (Guy Middleton)
Cc: kerberos@ATHENA.MIT.EDU
In-Reply-To: Your message of 25 Apr 90 02:37:27 +0000.
Date: Tue, 24 Apr 90 23:52:49 EDT
>"toehold" is mentioned in kinit(1), but I can find neither source nor manpage.
>What does it do, and where can I get it? Thanks.
toehold has nothing to do with kerberos per se. it is a subsystem
which we use to keep our workstations in a mostly-quiescent state
between uses; it also helps cause automatic software update, and does
some cleanup between each use. the manual page for toehold (and some
attendant utilities) can be seen below; we are not yet distributing
this software via our usual means (when we are ready to do this, i will
announce it to the world...).
-- Henry Mensch / <henry@MIT.EDU>
-- Project Athena External Relations
REFERENCES:
TOEHOLD(8) UNIX Programmer's Manual TOEHOLD(8)
NAME
toehold - Athena workstation environment and login manager
SYNOPSIS
/etc/athena/toehold
DESCRIPTION
The toehold utility and the Athena version of the login program
are responsible for managing login sessions on public and
private Athena workstations. These two programs are referred to
as the toehold system. This system addresses several problems
inherent in the nature of the public workstation environment.
These problems are discussed in the Athena document "Toehold: a
Technical Description."
The toehold utility manages the workstation's network and
local environments, initializing the network environment
when it activates the workstation, and restoring the local
environment when it deactivates the workstation.
The init(8) procedure starts toehold as the last step of the
workstation's boot process, giving toehold control of the
workstation's console port. toehold then displays the message
"Hit any key."
When someone enters a keystroke, toehold uses the
/etc/athena/activate shell script to prepare the
workstation's network environment and attach the
workstation's srvd and urvd remote filesystems. That done,
toehold displays an xterm login window and hands control to
the login program.
Note that the activation process automatically prevents the
workstation from accepting remote connections from the network.
See access_on(1) for more information.
When the user logs off the workstation, toehold redisplays
the login window and waits. If two minutes pass without
another login, toehold uses the /etc/athena/deactivate shell
script to clean up the workstation's local environment and
detach all remote filesystems. This deactivation process
also prevents the workstation from accepting remote
connections.
FILES
/etc/ttys
SEE ALSO
access_on(1) and access_off(1), activate(8) and deactivate(8),
login(1), attach(1) and detach(8), "Privatizing Your
Workstation"
ACTIVATE(8) UNIX Programmer's Manual ACTIVATE(8)
NAME
activate, deactivate - activate or deactivate workstation
SYNOPSIS
/etc/athena/activate
/etc/athena/deactivate
DESCRIPTION
The toehold(8) utility uses the activate script to set up
the workstation's network environment, and uses the
deactivate script to restore the workstation's environment for
the next login session.
The activate script performs three tasks: it asks the hesiod
nameserver to furnish information about the workstation's
cluster environment; it uses the nameserver's information
and the attach command to attach the workstation's system
and usr filesystems; and it runs the access_off program to
turn off the workstation's ability to accept remote
connections.
This last step closes the workstation from unexpected and
possibly hostile remote connections. After logging in, you
can use the access_on command to allow remote access.
The deactivate script performs four tasks. First it deletes
all files stored in the /tmp directory, thus deleting all
temporary home directories and restoring the workstation to
a "null" state. Files stored in the /usr/tmp directory will
be deleted only if they have not been modified in 4 days.
Then it removes temporary password entries from the
/etc/passwd file. Next it uses the access_off command to
turn off the workstation's ability to accept remote
connections. And finally, it uses the detach command to
gracefully close the workstation's connections to all remote
filesystems.
FILES
/etc/clusterinfo
/etc/clusterinfo.bsh
These files contain the information received from the nameserver.
SEE ALSO
toehold(8), save_cluster_info(8), login(1), access_on(1) and
access_off(1), attach(1) and detach(1), hesiod(3)
ACCESS_ON(1) UNIX Programmer's Manual ACCESS_ON(1)
NAME
access_on, access_off - allow or prevent remote connections
to workstations
SYNOPSIS
/usr/athena/access_on
/usr/athena/access_off
DESCRIPTION
The access_on and access_off utilities control remote
connections to Athena workstations. When you activate and
log in to a workstation, the workstation's toehold process
uses the access_off program to prevent the workstation's
inetd daemon from accepting network remote connections. In
other words, no one can access the workstation with commands
like rlogin, rcp, ftp, and telnet. This protects the user
from unexpected and possibly hostile remote connections.
Of course the user may wish to allow remote connections.
The access_on command performs this function. Use
access_off to prevent connections again.
Note that the toehold utility manipulates remote access at
activation and deactivation time.
SEE ALSO
activate(8), toehold(8), inetd(8)
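
The two temporary-directory cleanups that the ACTIVATE(8) page above attributes to the deactivate script, as an added sketch that is not part of the original message or of the Athena scripts. It runs against a sandbox root rather than the live filesystem; the function names, the sandbox layout, and the GNU find/touch options are assumptions.

```shell
#!/bin/sh
# Added illustration only; not the Athena deactivate script.
# Each function takes a root directory so it can be tried in a sandbox.

MAX_AGE_MIN=$((4 * 24 * 60))   # "not modified in 4 days", in minutes

# Remove everything under <root>/tmp, keeping the directory itself.
clean_tmp() {
    root=$1
    [ -n "$root" ] && [ -d "$root/tmp" ] || return 1
    # -xdev stays on one filesystem. find does not follow symlinks by
    # default, so a link left in tmp is unlinked, never traversed.
    find "$root/tmp" -xdev -mindepth 1 -depth -delete
}

# Remove only files and links under <root>/usr/tmp older than the limit.
clean_usr_tmp() {
    root=$1
    [ -n "$root" ] && [ -d "$root/usr/tmp" ] || return 1
    find "$root/usr/tmp" -xdev -mindepth 1 -depth \
        \( -type f -o -type l \) -mmin +"$MAX_AGE_MIN" -delete
}

# Build a constructed sandbox, run both cleanups, print the sandbox path.
demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir -p "$sandbox/tmp/home.user" "$sandbox/usr/tmp" "$sandbox/keep"
    echo x > "$sandbox/tmp/home.user/file"   # temporary home directory
    echo x > "$sandbox/keep/data"            # must survive the cleanup
    ln -s "$sandbox/keep" "$sandbox/tmp/link"
    echo x > "$sandbox/usr/tmp/fresh"
    echo x > "$sandbox/usr/tmp/stale"
    touch -d '5 days ago' "$sandbox/usr/tmp/stale"   # GNU touch syntax
    clean_tmp "$sandbox" && clean_usr_tmp "$sandbox" || return 1
    echo "$sandbox"
}
```

Calling demo leaves an empty tmp, keeps usr/tmp/fresh and keep/data, and removes usr/tmp/stale; the symlink case shows why the cleanup must not follow links out of the temporary directory.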