From: James Greer (netwk_dude_10@yahoo.com)
Date: Tue Oct 15 2002 - 10:10:13 EDT
Just a note to clarify my original question. Most of
the suggestions I've gotten have had to do with
killing inetd.conf entries (like rlogin and such) or
otherwise nuking the entire trusted host mechanism.
My problem is that I can't do that. I'm going through
the usual political fight (which I'm sure many of you
can relate to) over the trusted-host relationships
that have been in use for so long that they've become
ingrained in our processes and, no matter how
ill-advised, will not go away quickly.
My goal is to stop any more of these from appearing,
while still allowing those in place to function --
with the goal of getting rid of all of them
eventually. I guess I'm just looking for a granular
way of allowing or disallowing the functionality of
.rhosts files until I can purge the entire system of
them.
Hope this clears up my situation. Thanks for the
responses so far... will summarize all.
James
On Mon, 14 Oct 2002, James Greer wrote:
> Hello everyone;
>
> I'm trying to keep users from being able to open
> trusted host relationships via .rhosts files in
their
> home directories. Someone suggested that I go in as
> root and make a blank, root owned and 700 .rhosts
file
> in each home directory, but that doesn't help as
they
> can just erase it and create another.
>
> Is there a way through /etc/pam.conf or through RBAC
> (in Solaris 8) to restrict who can't use trust
> relationships if for one reason or another you can't
> issue a policy forbidding them altogether? (So that
> .rhosts files will simply not work.)
>
> Thanks... Will summarize.
>
> James
Faith Hill - Exclusive Performances, Videos & More
http://faith.yahoo.com
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:06 EDT