rlogin verification
GarBear Irick
irick at ei.ecn.purdue.edu
Sun Jan 6 12:02:23 AEST 1991
OK, this is for all you networking gods out there...
How does a machine accepting rlogin connections determine the username of
the user on the foreign host? If it is sent by the foreign host, what
prevents anyone with a basic knowledge of sockets from writing a bogus
version of rlogin and faking the username, in order to take advantage of a
.rhosts, for example? I've written some simple server/client stuff using
sockets, and the only way I could see to determine the username of the
incoming user was to have the client-side program send it to the server.
Assuming someone has a clue, please reply via e-mail to the address below.
RTFM's gladly accepted... :)
--
Gary A. Irick, Purdue University | "You can log out any time you like,
INTERNET: irick at en.ecn.purdue.edu | But you can never leave!"
UUCP: ...!pur-ee!irick | (apologies to The Eagles)
More information about the Comp.unix.questions
mailing list