Re: rsh equivalent


der Mouse (pyramid!prls!philabs!micomvax!zap!iros1!mcgill-vision!mouse@decwrl.dec.com)
17 Mar 88 06:23:55 GMT


In article <23511@hi.unm.edu>, cyrus@hi.unm.edu (Tait Cyrus) writes:
> I am looking for PD version of code that accomplishes the same thing
> as rsh [...]. The reason I am interested in something other than rsh
> is because here at UNM we are strongly considering disallowing the r*
> programs (rsh/rcp/rlogin) because they do NOT conform to the RFC's
> [as previously indicated, the non-conformance in question is
> case-sensitivity of hostname lookups]

Why is this a disadvantage? The nameserver does case-insensitive
lookups; why should the user program have to care?

> as well as being BIG security problems (.rhosts).

If this is a problem at all, it's a problem with your user community.
They won't create .rhosts files unless they care more about convenience
than security, and if that's the case, nothing you do will help
(assuming you've educated them in the security holes implicit in
creating .rhosts files). People are almost always the weakest link in
any security system. You can "fix" the hosts.equiv and .rhosts
"problem" very easily by running this every night:

rm -f /etc/hosts.equiv
< /etc/passwd awk -F: '{printf("rm -f %s/.rhosts",$6);}' | sh

                                        der Mouse

                        uucp: uucp: mouse@mcgill-vision.uucp
                        arpa: mouse@larry.mcrcim.mcgill.edu



This archive was generated by hypermail 2.0b3 on Thu Mar 09 2000 - 14:41:07 GMT