Restrict login through callback, not dial-in by mgetty?

Gert Doering (gert@greenie.muc.de)
Tue, 23 Feb 1999 11:02:11 +0100


Hi,

On Tue, Feb 23, 1999 at 05:01:26PM +0800, Pang Wai Man Raymond wrote:
> Thanks for your information. I tried and it works :) 
> 
> However, since the user "callback" has to be root's id to initiate the 
> callback, it may reveal a security problem. 

Why?  As long as his login shell is something that doesn't do anything
besides calling "callback", that's pretty safe.

> So, I prefer the old
> configuration, in which a password is not required, i.e.
> 
> callback N  -  - /usr/local/mgetty-1.1.20/callback/callback -l /dev/cua/a -S 12345678
> 
> IMHO, it will be perfect if the callback program could verify the caller first
> by some pre-defined passwords. Just my 2 cents comment.

It's on the TODO list anyway, but not yet implemented.

gert
-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert@greenie.muc.de
fax: +49-89-35655025                        gert.doering@physik.tu-muenchen.de