Path: utzoo!utgpu!utstat!jarvis.csri.toronto.edu!mailrus!ukma!husc6!rice!sun-spots-request
From: anderer@vax1.acs.udel.edu (David G Anderer)
Newsgroups: comp.sys.sun
Subject: Securing the Server?
Keywords: Networks
Message-ID: <3086@udccvax1.acs.udel.EDU>
Date: 29 Mar 89 18:08:48 GMT
Sender: usenet@rice.edu
Organization: University of Delaware
Lines: 26
Approved: Sun-Spots@rice.edu
Original-Date: 14 Mar 89 21:08:38 GMT
X-Sun-Spots-Digest: Volume 7, Issue 211, message 18 of 19

Setting:  A public site with a dozen or so diskless Suns connected to one
server.  YP in use.

Problem: How do I prevent people from getting to the server via TELNET or
RLOGIN?  There's no reason they should run jobs on the server, and a good
one they shouldn't.

However, since we're using YP, that implies they must be in /etc/passwd on
the server, and thus by definition they have a legitimate account on the
server.

I'd like to keep YP because it does handle some things well - such as
permitting someone to change their password for the entire cluster rather
than on a per-machine bases.

My one solution was to use some file other than /etc/passwd as the YP
passwd map (such as /etc/passwd.clients).  That works, except the server
then has no knowledge of these accounts, and so things like ls -l on the
server are messy because they display user numbers rather than user names.

If there a way (short of source) to only allow SOME accounts remote access
to the server?

Dave Anderer
Academic Computing and Instructional Technology
University of Delaware