[plug] Linux replacing terminal server
Bernd Felsche
bernie at innovative.iinet.net.au
Wed Apr 2 13:06:25 WST 2003
On Wed, Apr 02, 2003 at 12:11:18PM +0800, Matt Kemner wrote:
> On Wed, 2 Apr 2003, quoth Bernd Felsche:
>
> > I'd considered rlogin in pretty much the same vein. Problem is then
> > password synch between "terminal server" and target host if the user
> > moves around.
>
> Why? just have getty run "rlogin -l $username" (via a script) instead of
> running "login" locally - the local password file will never be consulted.

Ermm.. right. You can do it that way, but shouldn't... see below.

> Eg I just added this to my inittab:
> 8:23:respawn:/sbin/getty 38400 tty8 -l "/usr/local/bin/myrlogin"
>
> and created a script called "myrlogin" which contains:
> #!/bin/bash
> echo $*
> /usr/bin/rlogin -l "$2" live
>
> and can log into tty8 using a username/password which only exists on
> "live", not this machine.

Thanks... that's almost what I needed.

But rlogin has an "escape", doesn't it?
What uid will that have if the user escapes to a shell?

Maybe

    su nobody /usr/bin/rlogin -l "$2" live

would be sufficient.

Would netcat be less harmful if run as "nobody"?
Obviously, the ports would have to "belong" to nobody to allow the
speed, etc to be set.

--
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ / ASCII ribbon campaign | I'm a .signature virus!
X against HTML mail | Copy me into your ~/.signature
/ \ and postings | to help me spread!
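
A hardened variant of the wrapper discussed in this thread, as an added example that is not part of the original posts: it validates the login name before it reaches the rlogin command line, drops root before starting rlogin, and turns off the rlogin escape character. Assumptions: getty passes the typed name as `$2` (as in the quoted script), util-linux `runuser` is installed, the local rlogin accepts `-E` (BSD/netkit rlogin), and the script is installed under the name `myrlogin`.

```shell
#!/bin/sh
# Added example: hardened variant of the quoted "myrlogin" wrapper.
# Assumptions: username arrives in $2, target host is "live",
# runuser (util-linux) exists, rlogin supports -E (no escape char).

LC_ALL=C; export LC_ALL        # make the a-z ranges below byte-exact

TARGET_HOST=live               # host name taken from the thread
RUN_AS=nobody                  # unprivileged account suggested in the thread

# Accept only conservative account names: first character a letter or
# underscore, then letters, digits, '_', '.', '-'; at most 32 characters.
# A leading '-' is rejected so the name can never be parsed as an option.
valid_username() {
    name=$1
    [ -n "$name" ] || return 1
    [ "${#name}" -le 32 ] || return 1
    case $name in
        [!a-zA-Z_]*)        return 1 ;;
        *[!a-zA-Z0-9_.-]*)  return 1 ;;
    esac
    return 0
}

main() {
    user=$2
    if ! valid_username "$user"; then
        echo "invalid login name" >&2
        sleep 2                # slow down repeated bad input before respawn
        exit 1
    fi
    # exec replaces this root-owned shell, so nothing privileged is left
    # on the tty; runuser switches to $RUN_AS before rlogin starts.
    exec runuser -u "$RUN_AS" -- /usr/bin/rlogin -E -l "$user" "$TARGET_HOST"
}

# Run only when installed as "myrlogin", so the functions can also be
# sourced or tested without opening a connection.
case ${0##*/} in
    myrlogin) main "$@" ;;
esac
```

As noted in the message above, the tty device has to be usable by the unprivileged account for line settings to be changed; this script does not alter tty ownership.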