[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: kdm chooser incorrectly reports Display not authorized

On Sat, Nov 17, 2001 at 11:56:30AM -0800, Eric Nodwell wrote:
> 
> > > Apparently the former means "any host can get a chooser but not a
> > > login window", while the latter means "any host can get a chooser or a
> > > login window".
> > 
> > this is disabled by default because it's a security risk and generally
> > discouraged.
> 
> What is discouraged?  Allowing a host to get a chooser, or both a
> chooser and a login window, or xdmcp altogether?  What would be the
> alternative?

both.  I guess the only alternative would be something like VNC however this
is not to say you can't use this.  It's just that it's generally considered
to be insecure and if your going to use it you should do so in a secure
manner if that's even possible.  

> In our case we've configured the firewall to allow connections to port
> 177 only for the ip addresses of our terminals.  Also our network uses
> switches instead of hubs, so eavesdropping on clear-text packets is
> not possible.  Is there still a security risk?

there's always a security risk... :)  

theoretically you should be ok.  

Ivan

-- 
----------------
Ivan E. Moore II
rkrusty@tdyc.com
http://snowcrash.tdyc.com
GPG KeyID=90BCE0DD
GPG Fingerprint=F2FC 69FD 0DA0 4FB8 225E 27B6 7645 8141 90BC E0DD
Reply to: