rlogin verification

GarBear Irick irick at ei.ecn.purdue.edu
Sun Jan 6 12:02:23 AEST 1991


OK, this is for all you networking gods out there...

How does a machine accepting rlogin connections determine the username of
the user on the foreign host?  If it is sent by the foreign host, what
prevents anyone with a basic knowledge of sockets from writing a bogus
version of rlogin and faking the username, in order to take advantage of a
.rhosts, for example?  I've written some simple server/client stuff using
sockets, and the only way I could see to determine the username of the
incoming user was to have the client-side program send it to the server. 

Assuming someone has a clue, please reply via e-mail to the address below.
RTFM's gladly accepted... :)


--
Gary A. Irick,  Purdue University | "You can log out any time you like,
INTERNET: irick at en.ecn.purdue.edu |  But you can never leave!"
UUCP:     ...!pur-ee!irick        |       (apologies to The Eagles)



More information about the Comp.unix.questions mailing list