Annex terminal servers

Jean-Francois Lamy lamy at ai.utoronto.ca
Wed Mar 15 23:28:31 AEST 1989 

We have one and like it.  We have 24 lines coming in from a departmental
switch, a pair of TrailBlazers, a Hayes and outgoing lines back to the
departmental switch.  We do UUCP over the TB modems.

We are running version 4.0 of the software.  You can run it with security
disabled, which is only a good idea if you can trust anyone that will ever
reach the annex.  We can't, so we run with security enabled. This means
our users have to log on the Annex, information gets encrypted and sent
to a responding authentication server for validation.  They then get to pick
whatever machine your heart desires.  Even though authentication has taken
place, you don't want the annex in the hosts.equiv file because of a bug in
the way they implemented rlogin -l (Xylogics says fixed in 4.1), and even
if that gets fixed, if for whatever reason a user gets a port that is still
active you don't want him to walk into the previous user's account. So our
users have to give their password a second time.  I'm not aware of complaints
about that aspect of the procedure.

We had ALM-2s and tossed them (they were starting to run almost right a patch
release 5.3, but our patience had run out by then -- we were the first
customers in Canada to go to 4.0, before Sun Canada did, because ALM-2s were
supposed to work :-).  The terminal server is better suited to the way our lab
is built, with small research groups getting more and more specialized or
dedicated hardware, and where sticking serial line muxes in all those machines
would make little sense.

Glitches with them include
- can't fit the monster routing tables for NSFNET under 4.0.  Fixed in 4.1,
  does not matter if you reach it via a default route.
- rlogin -l with security enabled is a security hole, but not if security
  is disabled (!)
- There does not seem to be a way to get them to send a break to the remote
  computer and, going the other way, to get "tip" to push a break to the
  outgoing modem.

Good things:
- They work!
- Our users did not complain about anything.  Emacs runs fine, ^S and ^Q
  go through properly, and all that.
- They support name servers.
- More parameters than you'd ever wish for, with sensible defaults.

Jean-Francois Lamy               lamy at ai.utoronto.ca, uunet!ai.utoronto.ca!lamy
AI Group, Department of Computer Science, University of Toronto, Canada M5S 1A4

More information about the Comp.unix.wizards mailing list