Path: utzoo!utgpu!news-server.csri.toronto.edu!rutgers!sun-barr!olivea!samsung!sdd.hp.com!wuarchive!zazen!news
From: keir@vms.macc.wisc.edu (Rick Keir, MACC)
Newsgroups: comp.sys.next
Subject: How to restrict network logins on NeXT?
Message-ID: <1991Apr1.211906.28120@macc.wisc.edu>
Date: 1 Apr 91 19:45:11 GMT
Sender: news@macc.wisc.edu (USENET News System)
Organization: University of Wisconsin Academic Computing Center
Lines: 35

We have a NeXT we use for demonstration purposes here, which is set up
on our local ethernet. It also has a guest account, intended for use
by people who come into our consulting area and actually sit at the
NeXT's "console".

Is it possible to restrict access such that

(1) a single account (guest) must log in only from the console
(2) guest can nevertheless use telnet/rlogin/ftp facilities to
    communicate *from* our machine to machines elsewhere (a common
    desire in testing)
(3) guest can still start up shell sessions (via Terminal or Stuart
    or whatever...) when at the console
(4) OTHER account holders --- i.e., all "real person" accounts ---
    can still rlogin from other machines to the NeXT.

We want *local* guest users to be able to look at a real, networked
machine, without competing with remote guest users in the background
bogging down the machine with troff, etc.

Solutions that involve preventing unassisted logins by total strangers
who walk up to the machine & read the directions are unacceptable for
social reasons; it is a very strongly held principle that our machines
should be easy to use without needing "permission"; we *want* people to
come in & mess around. Similarly, solutions that would drastically
alter the environment the local guest user has are unacceptable; they
are supposed to be able to see a close approximation of what their own
NeXT would be like. We're just trying to cut down on misleading CPU
loads caused by invisible users logging in from other machines, unknown
to the person testing the NeXT.