My thanks go to David Thorburn-Gundlach <dtg@cae091.ed.ray.com>, who
answered my question. Problem resolved. The original question and the
answer from David are forwarded as follows:
Date: Mon, 20 Oct 1997 06:34:59 -0600
From: David Thorburn-Gundlach <dtg@cae091.ed.ray.com>
Subject: Re: How to enforce offical-host-name for rsh/rlogin? Will post summary!
To: Kerr_Tung@sabre.com
Kerr --
Kerr Tung wrote:
>
> Hi all,
Hi there!
>
> How do I make a host's official-host-name, i.e.
> abc.def.com be recognized by rsh/rlogin, not the
> nickname abc?
That FQDN must be the first thing that a name lookup will see.
>
> I checked the hostname abc with "nslookup abc" and
> "ypcat hosts |grep abc" and didn't find anything
> different for this host from the other hosts
> defined -- it is defined with both abc.def.com and
Which is first on the line, though?
> abc. However, when I use rsh/rlogin to this
> machine, only the nickname is accepted. I hate to
> add "abc" in the /etc/hosts.equiv or .rhosts to
Yeah; that's not such a good idea.
> just make it work, reasoning that may impose a
> bigger security hole than just having the official
> host name abc.def.com.
You didn't mention your OS, but you mentioned running under YP... If
you're running Solaris, it's fairly easy, though it will completely go
around your YP hosts map (so why bother keeping it up?); mind you, *all*
programs will see DNS first. Just modify /etc/nsswitch.conf to ensure
that "dns" comes before "nis" on the "hosts:" line.
You could also turn your YP hosts map inside out. You probably have
something like this at the moment:
111.222.333.444 abc abc.def.com
If you want rsh to recognize the remote machine as abc.def.com instead
of abc, you need to have your entries look like
111.222.333.444 abc.def.com abc
Both of these are because in.rshd/in.telnetd/etcetc all get an IP
address and have to see what host name *the*local*machine* thinks it is;
it makes a call (probably gethostbyaddr, but I'm not enough of a
programmer to know) to its name service(s) to find out what the right
value is, and returns the FIRST thing it finds.
>
> How should I fix this? No flame for using .rhosts
> and hosts.equiv, please.
Hey; I'm with ya ;-)
>
> Thanks,
> Kerr
:-D
-- David Thorburn-Gundlach dtg@cae091.ed.ray.com,david@bae.uga.edu Raytheon 508/440-2016 or 508/440-2317
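
The name-ordering issue discussed in this thread, as an added example that is not part of the original messages: a small audit that reads hosts-format text (as from /etc/hosts or `ypcat hosts`), the "hosts:" line of nsswitch.conf, and a hosts.equiv/.rhosts file, and reports trust entries that name an alias rather than the first (canonical) name. It assumes the simplified exact-match behaviour the reply describes; the 192.0.2.x addresses, the xyz host and all function names are constructed for illustration.

```python
import re

# Constructed sample data; abc / abc.def.com are the names used in the thread.
HOSTS_BEFORE = "192.0.2.10 abc abc.def.com\n192.0.2.11 xyz.def.com xyz\n"
HOSTS_AFTER = "192.0.2.10 abc.def.com abc\n192.0.2.11 xyz.def.com xyz\n"
TRUST = "abc.def.com\nxyz.def.com\n"          # hosts.equiv listing FQDNs only
NSSWITCH = "hosts: nis [NOTFOUND=return] files\n"

def canonical_names(hosts_text):
    """Map each address to (canonical, aliases) from hosts-format text.

    The first name after the address is the canonical one, which is what a
    reverse lookup hands back; the remaining names are aliases.
    """
    table = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            # Keep the first entry seen for an address.
            table.setdefault(fields[0], (fields[1], fields[2:]))
    return table

def hosts_sources(nsswitch_text):
    """Return the lookup order on the "hosts:" line of nsswitch.conf."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            # Drop action items such as [NOTFOUND=return].
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def audit_trust(trust_text, hosts_text):
    """List (entry, canonical) pairs where a trust entry names an alias."""
    canonicals, alias_of = set(), {}
    for canonical, aliases in canonical_names(hosts_text).values():
        canonicals.add(canonical)
        for alias in aliases:
            alias_of[alias] = canonical
    findings = []
    for line in trust_text.splitlines():
        fields = line.split("#", 1)[0].split()
        # Assumption: the daemon compares the canonical name exactly.
        if fields and fields[0] not in canonicals and fields[0] in alias_of:
            findings.append((fields[0], alias_of[fields[0]]))
    return findings

if __name__ == "__main__":
    print("lookup order:", hosts_sources(NSSWITCH))
    print("before:", audit_trust(TRUST, HOSTS_BEFORE))
    print("after: ", audit_trust(TRUST, HOSTS_AFTER))
```
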