In this case I wonder about the following .... is X(DM) more secure ? ...
using XDMCP I can log in from any machine as root from my network. I know I
can modify the Xaccess file to allow only connections from certain hosts,
but I think this disables the general XDM login (for all users) ... can I
also disallow root from using XDM (perhaps only from a secure workstation ?)
> -----Original Message-----
> From: Mark Hahn [SMTP:[EMAIL PROTECTED]]
> Sent: Saturday, March 06, 1999 6:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: root login?
>
> > > It is for security reason, you can't connect directly by root, only
> > > with su.
> >
> > > > I use win95's telnet connect to RedHat Linux (kernel 2.0.33).
> > > >I can not login using the name 'root'(of course I give the right
> > > >password), but I can login using another name(such as 'guest')
> > > >and 'su' to root. Why? thanks!
>
> the explanation given omits the important reason: telnet is INSECURE.
> you MUST NEVER telnet (or ftp or rlogin) as root, unless you have some
> reason to believe your net is really, really free of sniffers. the issue,
> of course, is that the password is transmitted in the clear, and therefore
> trivial to sniff. most competent admins use ssh these days. there are
> a few other secure login systems, but most are more obscure or difficult
> to admin (ie, kerberos).
>
> > To expand slightly on the above answer: if you log in as root nobody
> > else can know who logged in as root. It is true that if you can log
>
> this may be an issue for you; it certainly isn't a general one.
>
> > A secure system will have a 'wheel' group. su will have group
>
> this is also not universally true. it's a nice trick, but not necessary.
>
> > Therefore, even a person who has managed to snoop the root password
> > will not be able to su or log in as root without obtaining direct
>
> uh, a sniffer will work just as well when you when you telnet/rlogin
> as wheel, then su to root.
>
>
Vriendelijke Groeten / Kind Regards,
Alexander van Luijpen
Philips Semiconductors Nederland
Test and Product Engineering
MOS4YOU - C075 OTP / Consumer Systems Nijmegen - BL Video
email: [EMAIL PROTECTED] email:
[EMAIL PROTECTED]
tel: (+31)-24-353 4639
tel: (+31)-24-378 9475
>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
