Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!hao!boulder!sunybcs!bingvaxu!leah!uwmcsd1!ig!jade!ucbvax!decvax!decwrl!labrea!rocky!wagner
From: wagner@rocky.STANFORD.EDU (Juergen Wagner)
Newsgroups: comp.unix.questions,comp.unix.wizards
Subject: Transitivity of .rhosts
Message-ID: <697@rocky.STANFORD.EDU>
Date: Sun, 25-Oct-87 00:21:59 EST
Article-I.D.: rocky.697
Posted: Sun Oct 25 00:21:59 1987
Date-Received: Tue, 27-Oct-87 01:35:11 EST
Reply-To: wagner@rocky.UUCP (Juergen Wagner)
Organization: Stanford University Computer Science Department
Lines: 11
Keywords: remote-access, rlogin, rsh, security
Xref: mnetor comp.unix.questions:4662 comp.unix.wizards:5102

If a user has accounts one more than one machine he/she can create
~/.rhosts, specifying from which other users from which other hosts may
login to this machine without having to specify passwords (trusted
users). My question is: What is the opinion about the transitivity of
this procedure, i.e. if A trusts B and B trusts C UNIX also believes
that A trusts C. In other words, has anybody tried to extend the kind
of restrictions put on this remote execution? Are there other operating
systems allowing such a more complex access restriction schemata?

Juergen Wagner,			(USENET) gandalf@portia.stanford.edu
Center for the Study of Language and Information (CSLI), Stanford CA