Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!mit-eddie!uw-beaver!ubc-cs!alberta!aunro!aupair.cs.athabascau.ca!lyndon
From: lyndon@cs.athabascau.ca (Lyndon Nerenberg)
Newsgroups: u3b.misc,comp.sys.att
Subject: Re: Secure TTY on a 3B2
Message-ID: <338@aupair.cs.athabascau.ca>
Date: 5 Oct 90 17:38:44 GMT
References: <14582@hydra.gatech.EDU>
Organization: Athabasca University
Lines: 25

jkg@prism.gatech.EDU (Jim Greenlee) writes:

>Can anybody tell me how to define a tty port as being "secure" on a
>3B2/310? We're running SVR 3.2 and WIN TCP/IP 3.0.1. We recently upgraded
>from SVR 3.0 and WIN TCP/IP 1.1, which permitted rlogin or telnet as root.
>I can't see any way to do this with the current version of the software.

It's hard wired into the login program! There is a #define in the source
that turns it on and off.

I wanted to disable this, so I recompiled /bin/login and tryed to rlogin
as root. Much to my disgust, I discover that telnet and rlogin do not use
/bin/login, nut rather use /usr/etc/netlogin. Of course we don't have source
for the latter. Running emacs on the netlogin binary shows it to be the
BSD login command, with the usual WIN breakage thrown in.

If you have source, I highly recommend you replace telnetd, rlogind, and
/bin/login with the BSD versions. Beware that ruserok() in libnet.a is
broken (as is rresvport()), so you'll want to link in replacement versions
from BSD as well.
-- 
    Lyndon Nerenberg  VE6BBM / Computing Services / Athabasca University
        {alberta,cbmvax,mips}!atha!lyndon || lyndon@cs.athabascau.ca

      The only thing open about OSF is their mouth.  --Chuck Musciano