Re: How do you stop !root logins from dialup connections

Kurt Albershardt (kurt@rain.org)
Wed, 27 Sep 1995 00:22:29 -0700

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: David Carmean: "Re: The official word on assigned addressing - also a note on email"
Previous message: Brian 'MegaZone' Bikowicz: "Re: dynamically assigned IP numbers (fwd)"
Maybe in reply to: Scott Henry: "How do you stop !root logins from dialup connections"
Next in thread: Mike A Lyons: "Re: How do you stop !root logins from dialup connections"

I like the idea of having an alternate (root-equivalent) login available.
Two thoughts on this:

How about two extra logins (or classes of login in the user table?) One
root equivalent and one root-almost equivalent--one that could reset ports,
reboot, and do general diagnostic work, but couldn't change critical
parameters or view detailed configs.

How about a root-equivalent (or as above) that's authenticated through the
radius (and/or kerberos) scheme--thus eventually allowing s/key or
SecureCard single-use systems to be added, and also allowing those of us
with many pieces of datacomm hardware to dispense with the long password
lists we must maintain. An alternate would be an s/key scheme within ComOs.
All of these could be bypassed with the actual root password--just don't use
the root password except as a last resort.

________________________________________________________

_/_/_/ _/_/ _/ _/ _/
_/ _/ _/ _/ _/ _/_/ _/ Kurt Albershardt
_/ _/_/ _/_/_/ _/ _/ _/ _/ Director of Technical Operations
_/ _/ _/ _/ _/ _/ _/_/ kurt@rain.org
_/ _/ _/ _/ _/ _/ _/
Regional Alliance for Information Networking

Next message: David Carmean: "Re: The official word on assigned addressing - also a note on email"
Previous message: Brian 'MegaZone' Bikowicz: "Re: dynamically assigned IP numbers (fwd)"
Maybe in reply to: Scott Henry: "How do you stop !root logins from dialup connections"
Next in thread: Mike A Lyons: "Re: How do you stop !root logins from dialup connections"