by I just started here a month or so ago, as a tech/sysadmin. I've spent some
of my time closing security holes, installing tcp_wrappers, sendmail 8.6.9,
wuarchive's ftpd, the whole bit. I finally get around to looking at the
Sun we have hooked up to our half-million dollar spectrometer, and setting
up software on it.
I was putzing around, putting gzip/tcsh and other stuff in place, when my mind
noticed that I didn't have to enter a password when rlogging in to the host.
I assumed it was because I had the originating host in my ~/.rhosts that I
was getting in. Then my mind clicked. My home directory on the spectrometer
was empty. How could I log in without using a password, I thought. Then it
hit me.
atlantis:~ > rlogin <spectrometer hostname>
Last login: Tue Nov 8 14:59:02 from atlantis.Colorad
SunOS Release 4.1.3_U1 (CUSTOM) #1: Sat Nov 5 15:49:57 MST 1994
hostname% cd /etc
hostname%
hostname% more hosts.equiv
+
hostname%
I immediately screamed. And then deleted hosts.equiv.
It's been like this for a year or so. I love Sun.
Sorry to anyone who loses net access as a result. =]
--D.
P.S. Think I'll do a clean reinstall of the system.
P.P.S. Maybe Sun should put a big sticker on the machines they ship
about changing hosts.equiv?