Path: utzoo!utgpu!water!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!bloom-beacon!husc6!uwvax!oddjob!tank!uxc!uxc.cso.uiuc.edu!a.cs.uiuc.edu!s.cs.uiuc.edu!carroll
From: carroll@s.cs.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Re: rlogin over trusted hosts...
Message-ID: <216100006@s.cs.uiuc.edu>
Date: 16 Oct 88 17:01:00 GMT
References: <3043@mipos3.intel.com>
Lines: 19
Nf-ID: #R:mipos3.intel.com:3043:s.cs.uiuc.edu:216100006:000:1090
Nf-From: s.cs.uiuc.edu!carroll    Oct 16 12:01:00 1988


RE : host.equiv

It's a real feature of rlogin that the host.equiv files are not required
to be reciprocal. We used this feature to set up 'master machines' so
that root on a master could get anywhere as root, but root on a normal
lab machine could only get to a subset. E.g., the machines for class A
were all root-eqivalent, and the class B machines were also, but an A
machine couldn't be root on a B machine, and vice versa, while a master
machine could be root on any of them. This way, the TA's for each class
could be given root priviledges without risk to machines for other classes
(so if the TA screwed up, it was his problem, not some one else's).
Meanwhile the lab staff could use the master's to fix things when necessary.
Of course, the master machines were *physically* secured also. If the hacker
can get to the master, your security just evaporated.

Alan M. Carroll          "How many danger signs did you ignore?
carroll@s.cs.uiuc.edu     How many times had you heard it all before?" - AP&EW
CS Grad / U of Ill @ Urbana    ...{ucbvax,pur-ee,convex}!s.cs.uiuc.edu!carroll