[23952] in Athena Bugs
Re: sun4 9.2.16: access_on
daemon@ATHENA.MIT.EDU (Greg Hudson)
Sat Sep 6 19:13:59 2003
From: Greg Hudson <ghudson@MIT.EDU>
To: Michael Khusid <mkhusid@mit.edu>
Cc: bugs@mit.edu
In-Reply-To: <200309062017.h86KHiff029666@m2-032-13.mit.edu>
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
Message-Id: <1062890036.20507.101.camel@error-messages.mit.edu>
Mime-Version: 1.0
Date: Sat, 06 Sep 2003 19:13:56 -0400

On Sat, 2003-09-06 at 16:17, Michael Khusid wrote:
> Access_on does work, however, it currently allows only access
> to unsecure telnets (I have tried telnet - port 23 and ssh - port 22
> protocols only). Neither secure shell (OpenSSH) nor kerberized telnet
> connection worked.

Both Kerberized telnet and sshd cannot maintain a secure connection
unless the host machine can keep secrets. PUBLIC=true machines cannot
keep secrets, so it doesn't make sense to provide the illusion of
security.

access_on is really only useful for a limited set of scenarios at this
point--to debug a public workstation, or to reverse the effect of
access_off on a private machine which honors access_off.