[SunHELP] Solaris Installation without Xwindows Support..

DAUBIGNE Sebastien - BOR (SDaubigne at bordeaux-bersol.sema.slb.com)
Wed Oct 9 03:59:37 CDT 2002


As far as I know, telnet is as secure as rexec.
Both send the user name and an unencrypted password for authentication.

int rexec(char **ahost, unsigned short inport, const char *user, const char *passwd, const char *cmd, int *fd2p);

rsh is less secure if you use the hosts.equiv/.rhosts facility
(authentication based on IP address and reserved port numbers).

Another alternative is to use XDMCP, which uses an authentication
method similar to telnet/rexec.

---
Sebastien DAUBIGNE
sdaubigne at bordeaux-bersol.sema.slb.com <mailto:sebastien.daubigne at sema.fr>
- (+33)5.57.26.56.36
SchlumbergerSema - SGS/DWH/Pessac


	-----Original Message-----
	From:	Sheldon T. Hall [SMTP:shel at cmhcsys.com]
	Date:	Tuesday 8 October 2002 23:24
	To:	sunhelp at sunhelp.org
	Subject:	Re: [SunHELP] Solaris Installation without Xwindows Support..

	Original Message From: "Chris David" <kchris_iii at hotmail.com>

	> Thanks all for 'netra' help. Due to some security risks, I was told to
	> install Solaris without X windows support? Has anyone installed Solaris 8
	> without X windows? If I install successfully, can I use some tools like
	> Exceed to call GUI (if required)?

	I wouldn't think so.  If there's no "X windows" installed on the machine,
	i.e. no /usr/openwin/bin or /usr/dt/bin or equivalent trees, Exceed wouldn't
	have anything to talk to.  There wouldn't be a window manager, an xterm
	program, or any of that stuff.

	I'm not sure that X, in and of itself, is that big of a security risk.  The
	rsh and rexec methods of starting an X client certainly are, but X itself?
	Probably not.

	Without rsh or rexec running (you can turn them off in /etc/inetd.conf, I
	think), but _with_ the X stuff installed, anyone wanting the X GUI could
	still get it, but they would have to telnet in to the box to start it. That
	would leave a much better audit trail than rsh or rexec do.

	I'm no security expert, though.

	-Shel
	_______________________________________________
	SunHELP maillist  -  SunHELP at sunhelp.org
	http://www.sunhelp.org/mailman/listinfo/sunhelp
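
An added example (not part of the original thread, and not code from anyone on the list): a POSIX shell check for the points raised above. It lists which of telnet, rexec (`exec`), rsh (`shell`) and rlogin (`login`) are still enabled in an inetd.conf-format file, and flags `+` wildcard entries in a hosts.equiv/.rhosts-format file. Assumptions: the sample files are constructed, the function names are hypothetical, and rlogin is included although the thread does not name it.

```shell
#!/bin/sh
# Added example: audit inetd.conf-format and hosts.equiv/.rhosts-format files.

# enabled_risky_services FILE
# Prints each enabled (uncommented) service that sends a cleartext password
# (telnet, exec = rexec) or relies on address-based trust (shell = rsh,
# login = rlogin; rlogin is an assumption beyond what the thread names).
enabled_risky_services() {
    awk '
        $1 ~ /^#/ { next }      # commented-out entry: service is disabled
        $1 == "telnet" || $1 == "exec" || $1 == "shell" || $1 == "login" { print $1 }
    ' "$1" | sort -u
}

# wildcard_trust FILE
# Prints the line number of every entry that trusts all hosts ("+" as the
# host field) or all users ("+" as the user field). "+@netgroup" is not a
# bare wildcard and is left for manual review.
wildcard_trust() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        $1 == "+" || $2 == "+" { print NR }
    ' "$1"
}

# write_samples DIR: constructed sample input, not taken from any real host.
write_samples() {
    cat > "$1/inetd.conf" <<'EOF'
# constructed sample in inetd.conf layout
telnet	stream	tcp6	nowait	root	/usr/sbin/in.telnetd	in.telnetd
#shell	stream	tcp	nowait	root	/usr/sbin/in.rshd	in.rshd
exec	stream	tcp	nowait	root	/usr/sbin/in.rexecd	in.rexecd
time	stream	tcp6	nowait	root	internal
EOF
    cat > "$1/hosts.equiv" <<'EOF'
# constructed sample
adminhost.example.com
+
buildhost.example.com +
+@trusted_netgroup
EOF
}

tmp=$(mktemp -d) && write_samples "$tmp"
echo "Enabled risky services:"; enabled_risky_services "$tmp/inetd.conf"
echo "Wildcard trust at lines:"; wildcard_trust "$tmp/hosts.equiv"
rm -rf "$tmp"
```

On a real host, point the two functions at /etc/inetd.conf, /etc/hosts.equiv and each user's ~/.rhosts.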
