rlogin over trusted hosts...

carroll at s.cs.uiuc.edu
Mon Oct 17 03:01:00 AEST 1988


RE : host.equiv

It's a real feature of rlogin that the host.equiv files are not required
to be reciprocal. We used this feature to set up 'master machines' so
that root on a master could get anywhere as root, but root on a normal
lab machine could only get to a subset. E.g., the machines for class A
were all root-equivalent, and the class B machines were also, but an A
machine couldn't be root on a B machine, and vice versa, while a master
machine could be root on any of them. This way, the TAs for each class
could be given root privileges without risk to machines for other classes
(so if the TA screwed up, it was his problem, not someone else's).
Meanwhile the lab staff could use the masters to fix things when necessary.
Of course, the master machines were *physically* secured also. If the hacker
can get to the master, your security just evaporated.

Alan M. Carroll          "How many danger signs did you ignore?
carroll at s.cs.uiuc.edu     How many times had you heard it all before?" - AP&EW
CS Grad / U of Ill @ Urbana    ...{ucbvax,pur-ee,convex}!s.cs.uiuc.edu!carroll
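
The non-reciprocal layout described in the post can be audited as a directed trust graph. The following is an added example, not part of the original message: it assumes each host's equivalence list is reduced to bare hostnames, and all hostnames, class groupings and function names are constructed for illustration.

```python
from collections import deque

# Constructed sample: host -> set of hosts it trusts (its equivalence list).
# Hostnames are hypothetical; entries are simplified to bare hostnames.
TRUSTS = {
    "master1": set(),                 # masters trust nobody
    "a1": {"a2", "master1"},
    "a2": {"a1", "master1"},
    "b1": {"b2", "master1"},
    "b2": {"b1", "master1"},
}
GROUPS = {"A": {"a1", "a2"}, "B": {"b1", "b2"}}
MASTERS = {"master1"}

def reachable_from(trusts, start):
    """Hosts that root on `start` can reach, following trust transitively."""
    # An edge start -> h exists when h lists start as trusted, not the reverse.
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for host, trusted in trusts.items():
            if cur in trusted and host not in seen:
                seen.add(host)
                queue.append(host)
    return seen - {start}

def audit(trusts, groups, masters):
    """Return findings where the trust lists break the intended isolation."""
    findings = []
    for m in sorted(masters):
        missing = set(trusts) - set(masters) - reachable_from(trusts, m)
        if missing:
            findings.append(f"master {m} cannot reach: {sorted(missing)}")
    for name, members in sorted(groups.items()):
        for h in sorted(members):
            escaped = reachable_from(trusts, h) - set(members)
            if escaped:
                findings.append(
                    f"{h} (class {name}) reaches outside its class: {sorted(escaped)}")
    return findings

if __name__ == "__main__":
    for h in sorted(TRUSTS):
        print(h, "->", sorted(reachable_from(TRUSTS, h)))
    print(audit(TRUSTS, GROUPS, MASTERS) or "isolation holds")
```

Because reach is transitive, a single entry on a master that trusts a lab machine lets every machine in that class reach everything the master can, which the audit reports as a class escaping its boundary.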



More information about the Comp.unix.wizards mailing list