Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: ecn!marcel@nluug.nl (Marcel Bernards)
Newsgroups: comp.sys.sun
Subject: Re: Securing the Server
Keywords: Networks
Message-ID: <8904030926.AA13171@ecn.UUCP>
Date: 25 Apr 89 15:53:31 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 24
Approved: Sun-Spots@rice.edu
Original-Date: Mon, 3 Apr 89 11:26:29 +0200
X-Sun-Spots-Digest: Volume 7, Issue 247, message 4 of 15
X-Issue-Reference: v7n211

in Sun-Spots-Digest: Volume 7, Issue 211, message 18 of 19:David G Anderer
writes:

>Problem: How do I prevent people from getting to the server via TELNET or
>RLOGIN?  There's no reason they should run jobs on the server, and a good
>one they shouldn't.

solution:
What to do
create a separate passwd.yp with all yp users on the net.
change  passwd to the original version without +:0:0::: 

for every user permitted on the server add
+foo:
+bar:
+:*: or
+:nologin: -> this line prevents other users to login 
but all the YP UID and GID's are locally added by YP

It works fine on our 4/280 SUNOS 4.0

Marcel Bernards, UNIX & Net sysadm Netherlands Energy Research Foundation ECN
P.O. Box 1, 1755 ZG Petten, PHONE: 09 312246 4342 EARN/BITNET:ESU0130@HPEENR51 
IP: marcel%ecn.uucp@nluug.nl UUCP: marcel@ecn.uucp,marcel%ecn.uucp@uunet.uu.net