Hi All,
We have tcp_wrappers on all our SGI O2s. A faculty told me yesterday that he could get into our SGI O2s through Exceed (Hummingbird) although his IP address is not in
our hosts.allow file. After doing a little bit of research, I understand he used X Display Manager Control Protocol (XDMCP).
On Unix systems, the XDMCP service is usually provided by the xdm daemon, which runs continuously. Since it often also provides a login service to the X server
running on the same machine, disabling xdm entirely may not be a good idea. xdm's provision of display management to the world is controlled by the Xaccess file, it
is in /var/X11/xdm.
You need to comment the following two lines out:
(1) any host can get a login window
(2) CHOOSER BROADCAST
By doing these, users whose IP addresses are in the hosts.allow file can still access SGI O2 through Exceed.
Good luck.
Frank
--
Zhe (Frank) Zhou, Ph.D.
Co-Director of NMR Research Center
College of Basic Sciences, Louisiana State University
Baton Rouge, LA 70803, USA
Email: zzhou1_at_lsu.edu
Office: (225)-578-3460
Fax: (225)-578-3458
http://www.chem.lsu.edu/htdocs/people/fzhou/nmrweb/11.htm
Received on Tue May 28 2002 - 09:04:15 MST