Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!mips!spool.mu.edu!uunet!stanford.edu!leland.Stanford.EDU!elaine54.Stanford.EDU!fangchin
From: fangchin@elaine54.Stanford.EDU (Chin Fang)
Newsgroups: comp.unix.aix
Subject: How do I fix this mile wide security hole?
Message-ID: <1991May2.043538.10610@leland.Stanford.EDU>
Date: 2 May 91 04:35:38 GMT
Expires: May 20, 1991
Sender: news@leland.Stanford.EDU (Mr News)
Distribution: usa
Organization: Stanford University, California, USA
Lines: 30

Every now and then I have to be away from my RS6000 console.  Up to now
I haven't found a good way to lock my console.  Xlock won't cut it since
anyone can walk up to my console, ALT-CNTL-BKSP, kills X, and then do 
whatever s/he wants!

I can do a really *dirty* kludge using a shell wrapper as follows:

xmodmap unbind CNTL
call xlock
[user passwd validation]
xmodmap rebind CNTL

However, I don't really think the above even qualifies as a "solution".
Up to now, I just log out completely to protect my account, a BIG hassle
indeed considering we have 9600! users in yp, and it takes more than 30s
to get passwd prompt after login prompt!

I confess that RS6000 is still new to me and I might have missed some
utilities that I could have taken advantage of.  If someone could
kindly point me to these or suggest me an elagent way to secure my console,
I would be very appreciative.

Please email your response.  I promise a summary if there is enough interest.

Regards,

Chin Fang
Mechanical Engineering Department
Stanford University
fangchin@leland.stanford.edu