Subject: Re: bin/2905: setting environment vars from login
To: Christian Kuhtz , Don Lewis <Don.Lewis@tsc.tdk.com>
From: Don Lewis <Don.Lewis@tsc.tdk.com>
Date: 11/17/1996 20:01:14
On Nov 17, 5:49pm, Christian Kuhtz wrote:
} Subject: Re: bin/2905: setting environment vars from login
} If you use rsh out of a login script, you most likely also use .rhosts or
} similiar trust inducing mechanisms.
} I generally use an even larger hammer on folks who do that. The rsh case
} should not have an impact on anything we do.
It depends on your environment. If you've got a whole wad of machines
on the same network, all in the same NIS domain (so much for security),
all mounting each others file systems using NFS (so much for security),
where you have $$$ licensed software node locked to certain server nodes
and you want a reasonably user friendly way of accessing it, then banning
.rhosts files doesn't help security much, and results in even more cleartext
passwords flying around the network.
I wish Santa would bring me Kerberos for Christmas, but I'm not counting
on it. Any volunteers want to help with porting Kerberos to DomainOS
and convincing our software vendors to Kerberize their applications?
And even then, what do I do about NFS? My only hope is protecting root
and maintaining good perimeter security.