Chapter 4
where terminal is the terminal name and user is the user name from the terminal (root is automatically used if security is disabled; guest is automatically used if security is enabled and auto login as guest is selected).
In addition, the terminal optionally supports both Kerberos authentication and DES
data encryption for RSH commands, although the X protocol packets for an X
application will not go through the DES data encryption layer.
Secure Shell
This is an additional method for using the X Manager with RSH. The distribution includes the shell rshsecure, which is designed to provide a more secure method for managing RSH requests. rshsecure also provides the ability for users to run shell scripts, such as those invoked from an XDM session on an X terminal. The remainder of this section describes how to configure your server for use with the rshsecure shell.
Start by creating a new account. For security reasons, make sure this account is
not the superuser account.
As root, create a .rhosts file for this user, and make sure the ownership of the .rhosts file gets changed (chown) to this user. In the .rhosts file, add one entry for every terminal/user pair you want to go through rshsecure. For example, if you are using your terminals as “security disabled” and you are using DHCP, you can put every DHCP IP address in the .rhosts file with the user name being root.
After saving the .rhosts file and using chown to assign ownership, make sure it is writable only by the user and not by anyone else (chmod 644 .rhosts).
Change the login shell for the account to be the rshsecure program (based upon where you installed it, since you need a full path name).
Note
On Linux, the included rshsecure binary uses libc5.
Determine the set of commands you will be allowing your users to run and create the file rshsecure.cfg in the login directory for this user. Again, make sure that it is not writable by anyone except the owner. Lines starting with the pound sign (#) are treated as comments. The first non-comment line is the shell to be used when invoking commands. The second non-comment line is the xterm program (or equivalent). The third non-comment line is the su program. All three of these programs should be fully qualified with path names to eliminate possible security concerns. All remaining lines are the authorized commands. The rshsecure program does a literal comparison of the entries in this file to the command passed via RSH (with arguments removed), so, for example, comparing /bin/ls to /bin/ls will succeed and comparing ls to /bin/ls will fail.
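The following added example (not part of the manual and not rshsecure's own code) models the rshsecure.cfg layout and the literal comparison described above, and audits a file for the permission and path rules. The sample paths, the function names, the skipping of blank lines and the splitting of arguments on whitespace are assumptions.

```python
import os
import stat

# Constructed sample; paths and commands are placeholders, not from the manual.
SAMPLE_CFG = """\
# shell, xterm and su programs, in that order
/bin/sh
/usr/bin/X11/xterm
/bin/su
# authorized commands
/bin/ls
/usr/bin/X11/xclock
"""

def parse_cfg(text):
    """Split rshsecure.cfg text into (shell, xterm, su, authorized commands)."""
    lines = [ln.strip() for ln in text.splitlines()
             if ln.strip() and not ln.startswith("#")]  # assumption: blanks skipped
    if len(lines) < 3:
        raise ValueError("need shell, xterm and su lines before any commands")
    shell, xterm, su = lines[:3]
    for prog in (shell, xterm, su):
        if not prog.startswith("/"):
            raise ValueError(f"not fully qualified: {prog!r}")
    return shell, xterm, su, lines[3:]

def is_authorized(request, allowed):
    """Literal comparison of the command word, with arguments removed."""
    parts = request.split()  # assumption: arguments are whitespace-separated
    return bool(parts) and parts[0] in allowed

def writable_by_others(path):
    """True if group or other can write the file (the manual requires False)."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(path):
    """Return a list of findings for one rshsecure.cfg file."""
    findings = []
    if writable_by_others(path):
        findings.append("file is writable by group or other")
    with open(path) as fh:
        allowed = parse_cfg(fh.read())[3]
    findings += [f"authorized command is not a full path: {cmd}"
                 for cmd in allowed if not cmd.startswith("/")]
    return findings
```

Running audit() against the account's rshsecure.cfg after each edit catches a file left group-writable or an authorized entry that was added without its path.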
Summary of Contents for T1500 - Windows-based Terminals - 72 MB RAM
Page 3: ...T1500 WINDOWS BASED TERMINAL NETWORK INSTALLATION GUIDE December 1999...