On Wed, 12 May 1999, Bennett Todd wrote:
> 1999-05-11-22:25:22 Paul Hubbard:
> > Are there any packages/programs that will allow me to set things up like
> > this:
> >
> > user aaa can login from local machines and *.earthlink.net
> > user bbb can login from local machines and *.gte.net
> > user ccc can login from anywhere
> > all others can login only from local machines
>
> I dunno of logdaemon[1] offers that granularity, but that's the first place
> I'd look.
>
> But a bigger question is how worthwhile are that particular sort of
> restrictions? I don't value them a whole lot, myself, since such restrictions
> depend on people being unable to overwhelm any machine in a position to forge
> the needed source addresses. I prefer instead arranging for users who need
> remote access over the internet to have a trusted computing base --- perhaps a
> laptop, perhaps their home machine --- which contains suitable crypto keys for
> a protocol like ssh.
>
One of the big problems with this is the students logging in from home
during the summer. Most are using a generic telnet from some ISP and
nothing is going to be secure. Are there free ssh clients for PCs and
Macs out there? I have the servers installed on all of our machines
and I use it for unix->unix connections.
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
