Hi All,
We have tcp_wrappers on all our SGI O2s. A faculty told me yesterday that he could get into our SGI O2s through Exceed (Hummingbird) although his IP address is not in
our hosts.allow file. After doing a little bit of research, I understand he used X Display Manager Control Protocol (XDMCP).
On Unix systems, the XDMCP service is usually provided by the xdm daemon, which runs continuously. Since it often also provides a login service to the X server
running on the same machine, disabling xdm entirely may not be a good idea. xdm's provision of display management to the world is controlled by the Xaccess file, it
is in /var/X11/xdm.
You need to comment the following two lines out:
(1) any host can get a login window
(2) CHOOSER BROADCAST
By doing these, users whose IP addresses are in the hosts.allow file can still access SGI O2 through Exceed.
Good luck.
Frank
-- Zhe (Frank) Zhou, Ph.D. Co-Director of NMR Research Center College of Basic Sciences, Louisiana State University Baton Rouge, LA 70803, USAEmail: zzhou1@lsu.edu Office: (225)-578-3460 Fax: (225)-578-3458 http://www.chem.lsu.edu/htdocs/people/fzhou/nmrweb/11.htm
This archive was generated by hypermail 2b29 : Tue Dec 17 2002 - 01:04:24 PST