
Re: ALL: PARANOID from /etc/hosts.deny Should be Commented by default



On Wed, Apr 18, 2001 at 10:17:22PM +0200, Robert van der Meulen wrote:
> 
> Quoting Andrew Pimlott (andrew@pimlott.ne.mediaone.net):
> > PARANOID is there for people who want to do DNS hostname based
> > authentication and have it be slightly less broken.  That's it.  Can
> > anyone else document a real case in which denying based on PARANOID
> > helped?
> There is no such thing as DNS hostname based authentication.

???  What do you call rsh?  It doesn't use only the DNS hostname for
authentication, of course, but DNS hostname is a critical part.

> Can you give an example where you would want to allow access from an
> inconsequently configured machine, that is run by someone who doesn't know
> how to configure DNSs?

Anytime I use a machine on a misconfigured network and want to log
on to my home PC.  This happens quite often: every time I use a
computer at a client site, or a school lab, or a friend's house,
there's a real chance that I'm on a misconfigured network.

Andrew


