Path: utzoo!news-server.csri.toronto.edu!cs.utexas.edu!usc!rpi!crdgw1!barnett
From: barnett@grymoire.crd.ge.com (Bruce Barnett)
Newsgroups: comp.unix.ultrix
Subject: Re: MacX and Ultrix 4.0
Message-ID: <BARNETT.91Mar5100358@grymoire.crd.ge.com>
Date: 5 Mar 91 15:03:58 GMT
References: <BARNETT.91Mar1130837@grymoire.crd.ge.com>
	<JTKOHL.91Mar1145729@quicksilver.MIT.EDU>
Sender: news@crdgw1.crd.ge.com
Reply-To: barnett@crdgw1.ge.com
Organization: GE Corp. R & D, Schenectady, NY
Lines: 23
In-reply-to: jtkohl@MIT.EDU's message of 1 Mar 91 20:57:29 GMT

In article <JTKOHL.91Mar1145729@quicksilver.MIT.EDU> jtkohl@MIT.EDU (John T Kohl) writes:

>   Flame the vendor of MacX for using rexecd. 

Actually - someone told me to Flame DEC because of a bug in Ultrix 4.0
that is fixed in Ultrix 4.1.

>   [rshd is slightly better, in that it doesn't let you type a password,
>   but it does rely on IP addresses.  They can be forged, but it takes more
>   work than it does to steal a password.]


I don't quite agree. Anyone can unplug a machine that isn't in a locked room.
And it's easier to change an IP address that it is to decode a
password from several packets flying across a net. As long as the
ethernet addess isn't cached it would be easier to crack rshd than rexecd.
(Most people turn off their Mac's at night.) Also - the Mac's can
select IP numbers dynamically. If this is done, rshd won't work.

I will agree that Apple should support both protocols, like White
Pine's X server for the Mac.  
--
Bruce G. Barnett	barnett@crd.ge.com	uunet!crdgw1!barnett