Implementing a Secure rlogin Environment:
A Case Study of Using a Secure Network Layer Protocol
Gene H. Kim, Hilarie Orman, and Sean O'Malley
Department of Computer Science
University of Arizona
Tucson, AZ 85721
Abstract
This paper describes our experiences building a secure rlogin
environment. With minimal changes to the rlogin server and the use of
a secure network layer protocol, we remove the vulnerability of
hostname-based authentication and IP source address spoofing. We
investigate how applications such as rlogin interact with this new
layer, and propose extensions to the rlogin server that can utilize
these services. We believe rlogin presents a situation where the
application layer seems the most appropriate location for enforcing
security policy, instead of in a lower layer.
Our layered approach to rlogin security achieves functionality similar
to the Kerberos klogin client and the encrypted telnet packages,
without their complexity or loss of generality. Implementing the
application layer rlogin server extensions required fewer than ninety
lines of code. Even if our rlogin application layer extensions are
omitted, rlogin connections still benefit from secure network layer
services.
Download the full text of this paper in
ASCII (37,864 bytes),
POSTSCRIPT (140,639 bytes),
and PDF (67,159 bytes) form.
To Become a USENIX Member, please see our
Membership Information.