Experimental Physics and Industrial Control System

1994  <19951996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024  Index 1994  <19951996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
<== Date ==> <== Thread ==>

Subject: Re: Access Security question
From: [email protected] (Marty Kraimer)
To: [email protected], [email protected]
Date: Tue, 19 Dec 1995 09:54:36 -0600
> From [email protected] Tue Dec 19 09:40 CST 1995
> Date: Tue, 19 Dec 1995 15:39:02 +0000 (GMT)
> From: Philip Taylor <[email protected]>
> X-Sender: pbt@orc
> To: [email protected]
> Subject: Access Security question
> Mime-Version: 1.0
> Content-Type: TEXT/PLAIN; charset=US-ASCII
> Content-Length: 1201
> Marty,
>      I have been playing with EPICS Access Security today,
> checking if the initial ideas we have about database access
> for telescope operations are feasible.
> I wonder if you could confirm something that rather surprised 
> me? An idea was that we would restrict write access to 'sensitive'
> records to a certain group of users (engineers) *wherever* they
> were located. As long as they know the password to log in to the
> right account on the correct local machine at the telescope then 
> they could go ahead. Typically this would be the case where
> the engineer is on call at night at the sea-level base with
> the telescope on the mountain-top, accessible via telnet/rlogin.
> But even if they are physically at the telescope they would
> usually use an X-terminal to work rather than logging in at
> a machine's console.
> However it appears that if you log in remotely via telnet
> or rlogin then the hostid's appears to be "REMOTE", even though
> you know the password to get into the right local machine. 
> So is the host id only useful for local logins, i.e. actually
> sitting at that machine? We very rarely work like that here,
> almost everything is via remote logins on X-terminals. etc.
> Thanks,
> Philip

At the present time and I forever REMOTE is not honored.
Jeff had a real problem finding a platform independent method of determining
if a user has performed a remote logon to a machine. At the last EPICS
meeting the consensus was that we should just allow everyone logged
on to a machine, remote or local, to have the same host name.
It sounds like this is just what you want!!

The documentation has not been updated.

I am sending this reply to epics_applications so all EPICS users can see this

Marty Kraimer

Navigate by Date:
Prev: [no subject] Thomas Dean
Next: bug reports Jeff Hill
Index: 1994  <19951996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024 
Navigate by Thread:
Prev: [no subject] Thomas Dean
Next: bug reports Jeff Hill
Index: 1994  <19951996  1997  1998  1999  2000  2001  2002  2003  2004  2005  2006  2007  2008  2009  2010  2011  2012  2013  2014  2015  2016  2017  2018  2019  2020  2021  2022  2023  2024