Securing the Server
Mike Jipping
jipping at cs.hope.edu
Sat Apr 22 10:04:22 AEST 1989
How about the following scheme. You suggested an alternate source for the
YP passwd map (e.g., /etc/passwd.clients); use that. Now in /etc/passwd
on the server, use a different login shell than /bin/csh or /bin/sh -- try
something that does nothing or kicks folks off the machine (after perhaps
recording that they trespassed). A spiffy trick for these "alternate"
shells appeared in an STB last year -- it automagically routed the user to
a free client on the network. Now, that example was for users calling in,
but it would work for you as well.
This way, a user is still known on the server, but can't telnet/rlogin to
do anything useful. And some accounts -- the ones you give a "real" login
shell to -- can still login and use the machine.
Mike Jipping
Hope College
Department of Computer Science
jipping at cs.hope.edu
More information about the Comp.sys.sun
mailing list