Re: Merit Radius, realms, and Shell access

William Bulley (web@merit.edu)
Fri, 4 Oct 1996 13:01:33 -0400 (EDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: System Administration: "Re: Portmaster RADIUS Users Digest V96 #172"
Previous message: Steven P. Crain: "Merit Radius, realms, and Shell access"

According to Steven P. Crain:
>
> I am trying to get Merit radius working with our servers. There is no
> problem with PPP customers, but if someone logs in using a realm for shell
> access, the terminal server passes the realm on to the rlogin process
> (which doesn't understand realms and doesn't like that kind of username).
>
> What solutions have people come up with? I am looking for something that
> does not require the user to enter the username and password twice.
>
> I've tried passing back the realmless username as a reply item, and that
> has not worked. The NASs include Portmasters and Ascends.

We don't use rlogin in MichNet for the obvious security reasons. So,
that hasn't been a problem here. For telnet access, there are two things
going on: 1) user presents user credentials to NAS for access to network
resources, and 2) user presents user credentials telnet target host for
access to local host resources. All rlogin buys you is removal of step
two and this makes a big host security issue at most sites...

Regards,

web...

-- 
William Bulley, N8NXN              Senior Systems Research Programmer
Merit Network, Inc.                Email: web@merit.edu
4251 Plymouth Road, Suite C        Phone: (313) 764-9993
Ann Arbor, Michigan  48105-2785    Fax:   (313) 647-3185

Next message: System Administration: "Re: Portmaster RADIUS Users Digest V96 #172"
Previous message: Steven P. Crain: "Merit Radius, realms, and Shell access"