Unix network security (was "CERT Internet Security Advisory")
Steven M. Schultz
sms at WLV.IMSD.CONTEL.COM
Fri Aug 18 15:37:38 AEST 1989
In article <3942 at phri.UUCP> roy at phri.UUCP (Roy Smith) writes:
>In <1064 at accuvax.nwu.edu> phil at delta.eecs.nwu.edu (William LeFebvre) writes:
>> When /bin/login knows it is processing a remote login, why can't it
>> check the hostname against a list of "allowed" hosts?
>
> Actually, I can find one problem with William's suggestion. Just
>like people tend to pick poor passwords, I suspect many people would put
>"*" in their .netaccess files, effectively defeating the whole idea.
How about inverting the meaning of ".netaccess"? By this i
mean making it a list of hosts/addresses to be rejected. There
have been times when it would be desireable to let connections
from all systems except a list of bad/undesireables.
Steven M. Schultz
sms at wlv.imsd.contel.com
More information about the Comp.unix.wizards
mailing list