Check out the new USENIX Web site.

Implementing a Secure rlogin Environment:
A Case Study of Using a Secure Network Layer Protocol

Gene H. Kim, Hilarie Orman, and Sean O'Malley

Department of Computer Science
University of Arizona
Tucson, AZ 85721


This paper describes our experiences building a secure rlogin environment. With minimal changes to the rlogin server and the use of a secure network layer protocol, we remove the vulnerability of hostname-based authentication and IP source address spoofing. We investigate how applications such as rlogin interact with this new layer, and propose extensions to the rlogin server that can utilize these services. We believe rlogin presents a situation where the application layer seems the most appropriate location for enforcing security policy, instead of in a lower layer. Our layered approach to rlogin security achieves functionality similar to the Kerberos klogin client and the encrypted telnet packages, without their complexity or loss of generality. Implementing the application layer rlogin server extensions required fewer than ninety lines of code. Even if our rlogin application layer extensions are omitted, rlogin connections still benefit from secure network layer services.

Download the full text of this paper in ASCII (37,864 bytes),
POSTSCRIPT (140,639 bytes),
and PDF (67,159 bytes) form.

To Become a USENIX Member, please see our Membership Information.