Path: utzoo!attcan!uunet!cs.utexas.edu!csd4.csd.uwm.edu!bionet!sdsu!usc!henry.jpl.nasa.gov!elroy.jpl.nasa.gov!mahendo!wlbr!WLV.IMSD.CONTEL.COM!sms
From: sms@WLV.IMSD.CONTEL.COM (Steven M. Schultz)
Newsgroups: comp.unix.wizards
Subject: Re: Unix network security (was "CERT Internet Security Advisory")
Message-ID: <35131@wlbr.IMSD.CONTEL.COM>
Date: 18 Aug 89 05:37:38 GMT
References: <3855@fy.sei.cmu.edu> <1064@accuvax.nwu.edu> <3942@phri.UUCP>
Sender: news@wlbr.IMSD.CONTEL.COM
Reply-To: sms@WLV.IMSD.CONTEL.COM.UUCP (Steven M. Schultz)
Organization: Contel Federal Systems
Lines: 16

In article <3942@phri.UUCP> roy@phri.UUCP (Roy Smith) writes:
>In <1064@accuvax.nwu.edu> phil@delta.eecs.nwu.edu (William LeFebvre) writes:
>> When /bin/login knows it is processing a remote login, why can't it
>> check the hostname against a list of "allowed" hosts?
>
>	Actually, I can find one problem with William's suggestion.  Just
>like people tend to pick poor passwords, I suspect many people would put
>"*" in their .netaccess files, effectively defeating the whole idea.

	How about inverting the meaning of ".netaccess"?  By this I
	mean making it a list of hosts/addresses to be rejected.  There
	have been times when it would be desirable to let connections
	from all systems except a list of bad/undesirables.

	Steven M. Schultz
	sms@wlv.imsd.contel.com
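
An added example, not part of the original posts and not code from any real /bin/login: a sketch of the host check discussed in this thread, evaluating one list either as "allowed" hosts or, inverted, as hosts to be rejected. The file format, the function names and the sample host names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical .netaccess format (the thread does not define one): one host
 * per line, '#' starts a comment, and "*" matches every host. */
enum na_mode { NA_ALLOW_LIST, NA_DENY_LIST };

/* Return 1 if host matches an entry in list (newline-separated), else 0. */
static int na_listed(const char *list, const char *host)
{
    size_t hlen = strlen(host);

    while (*list) {
        const char *e = list + strspn(list, " \t");   /* skip indentation */
        size_t len = strcspn(e, "# \t\r\n");          /* entry ends at comment or space */

        if (len == 1 && *e == '*')
            return 1;                                 /* wildcard entry */
        if (hlen > 0 && len == hlen && strncasecmp(e, host, len) == 0)
            return 1;                                 /* host names compare case-insensitively */
        list += strcspn(list, "\n");                  /* advance to the next line */
        if (*list == '\n')
            list++;
    }
    return 0;
}

/* Return 1 to permit the remote login, 0 to refuse it. */
int na_permit(const char *list, const char *host, enum na_mode mode)
{
    if (host == NULL || *host == '\0')
        return 0;            /* no usable host name: refuse in either mode */
    return mode == NA_ALLOW_LIST ? na_listed(list, host) : !na_listed(list, host);
}

int main(void)
{
    /* Constructed sample lists, not taken from the thread. */
    const char *careless = "# my hosts\n*\n";
    const char *rejects  = "badhost.example.com  # known nuisance\n";

    printf("allow list with '*', unknown host: %d\n",
           na_permit(careless, "never-seen.example.net", NA_ALLOW_LIST));
    printf("reject list, listed host:          %d\n",
           na_permit(rejects, "badhost.example.com", NA_DENY_LIST));
    printf("reject list, unknown host:         %d\n",
           na_permit(rejects, "never-seen.example.net", NA_DENY_LIST));
    return 0;
}
```

The first and third calls both return 1: a "*" entry in an allow list and an unlisted host under a reject list are admitted alike, while an empty host name is refused in either mode.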