Be careful with this and ssh/rsh!
Authored by: miketja on Mar 11, '02 05:17:55PM

Simply modifying the password to something that no longer works is normally fine, but be careful of login methods that do not check the user's password. If you have rsh enabled, and the user has a .rhosts file, they can log in directly to your machine without specifying a password -- rsh will not check /etc/passwd if .rhosts is valid.

Similarly with ssh, if RSA/DSA key authentication is enabled (which I believe it is in OSX by default): if the user has an authorized_keys or authorized_keys2 file in their ~/.ssh directory, they can ssh into the OSX box using RSA/DSA keys rather than a password. Like rsh, simply changing the entry in /etc/passwd (or in NetInfo) doesn't stop this.

In short, changing a user's password will only stop them from logging in if their password is actually checked by the system at login time.



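An audit for the three files named in the comment above, added here as an example and not part of the original post. The function names `count_entries` and `audit_home` are hypothetical; the script reports which of `.rhosts`, `~/.ssh/authorized_keys` and `~/.ssh/authorized_keys2` in a given home directory still hold active entries after the account's password has been disabled.

```shell
#!/bin/sh
# Added example (not from the original post): find per-user files that allow
# login without a password check, so a "disabled" account is really disabled.

# count_entries FILE -> prints the number of non-blank, non-comment lines.
count_entries() {
    # grep -c prints 0 and exits 1 when nothing matches; keep the printed 0.
    grep -c -v -E '^[[:space:]]*(#|$)' "$1" 2>/dev/null || true
}

# audit_home HOME_DIR
# Prints one "path<TAB>entries" line for each file that still grants access.
# Returns 0 when nothing was found, 1 when at least one file needs attention.
audit_home() {
    home=$1
    found=0
    for f in "$home/.rhosts" \
             "$home/.ssh/authorized_keys" \
             "$home/.ssh/authorized_keys2"; do
        [ -f "$f" ] || continue
        if [ ! -r "$f" ]; then
            # Cannot inspect it, so report it rather than assume it is empty.
            printf '%s\tunreadable\n' "$f"
            found=1
            continue
        fi
        n=$(count_entries "$f")
        if [ "${n:-0}" -gt 0 ]; then
            printf '%s\t%s\n' "$f" "$n"
            found=1
        fi
    done
    return "$found"
}

# Stand-alone use: pass the home directory of the disabled account.
if [ "$#" -gt 0 ]; then
    audit_home "$1"
fi
```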