[15321] in Athena Bugs
Re: sgi 8.1.7: xlogin/dm
daemon@ATHENA.MIT.EDU (Mike Barker)
Wed Jul 30 10:17:39 1997
To: Karl Ramm <kcr@MIT.EDU>
Cc: bugs@MIT.EDU
In-Reply-To: Your message of "Tue, 29 Jul 1997 13:37:19 EDT."
<199707291737.NAA02113@special-forces.MIT.EDU>
Date: Wed, 30 Jul 1997 10:17:37 EDT
From: Mike Barker <mbarker@MIT.EDU>
if I am reading this correctly, (from man xhost)
-name The given name is removed from the list of allowed
to connect to the server. The name can be a host
name or a user name. Existing connections are not
broken, but new connection attempts will be denied.
Note that the current machine is allowed to be
removed; however, further connections (including
attempts to add it back) will not be permitted.
Resetting the server (thereby breaking all
connections) is the only way to allow local
connections again.
doing what you suggest:
TCP connections should be denied to all hosts (including the local
one) by default.
would make it impossible to use xhost.
I suggest you might use the krb5 controls (described in man Xsecurity)
on your workstation if you want to implement tighter security.
Thank you for your suggestion.
Mike Barker
