The Ataman™ Rlogind Service
Yüklə 209,44 Kb. Pdf görüntüsü
|
If you have tried the ATRLS and decided it meets your needs, please see the Ordering the ATRLS section to purchase the latest version. 3. Security Considerations This manual assumes that you are familiar with the risks and benefits of the rshd, rexecd, rlogind and telnetd services found on Unix and other operating systems. The secure operation of these services is a complicated matter, and this manual provides only the details specific to this implementation. If you are unfamiliar with the security aspects of these services, Ataman advises you to consult a TCP/IP networking protocols tutorial. The Ataman TCP Remote Logon Services (ATRLS) allow users to remotely logon within their own security context. However, several security issues remain because Microsoft Windows is not implemented with full support for remotely logged in users. 3.1 Potential Interaction Problems 3.1.1 Random sounding of the system bell Remote users may run programs that cause an action to request the system bell to ring. The system bell associated with the main monitor will sound because Windows does not redirect this function. Locally logged-on users, unaware of remote users running programs, may think they have made a mistake since the bell seems to ring at random.
Microsoft provides no clean method of killing a process in Windows. There is a kill provided, but that kill does not notify DLLs that are attached to the killed process of the exit. This potentially leaves dead data inside those DLLs. We do use the kill provided to cleanup logon sessions that are unexpectedly terminated. If your program uses DLLs and your connection is unexpectedly broken, you may encounter this problem. Unfortunately, Microsoft does not document the conditions where dead data is left inside DLLs. However, in practice, the vast majority of programs do not seem to be affected. Please understand, this problem is a shortcoming of Windows and not a flaw in Ataman’s services. Hopefully, Microsoft will become embarrassed about this obvious and serious shortcoming in Windows and provide a proper mechanism to cleanly terminate processes. 3.3 Other issues The issues described above are the only security problems identified thus far. However, since Windows does not fully support remotely logged-on users, it is likely that new security holes will be discovered. In short, remotely logged-on users using the Ataman telnetd, rlogind or rexecd services should be limited. The security levels of these users should reflect their potential to gain privileged access to the system. The section Using the Ataman TCP Remote Logon Services section below covers the mechanism used to restrict the users allowed to logon. 4
4. Requirements • Windows XP Home/XP Professional/2003 Server/2008 Server/ Vista/ 7 /2008 Server R2 • Microsoft Winsock Version 2 installed and configured. 5. Installation Your user account must have Administrators or Domain Admin privilege levels to install the ATRLS. On the system that you wish to install the Ataman TCP Remote Logon Services, create a directory that is local to that system. For example: mkdir c:\atrls The directory you create must have its permissions set such that the executable (*.exe) files can be read and executed by the SYSTEM account and all user accounts that will be allowed to remotely logon. All directories in the path to the executables must be searchable by those accounts. Change your working directory to this new directory. Unzip the archive into this directory. To install the ATRLS type: atrls install start You should now proceed to the Using the Ataman TCP Remote Logon Services
section in order to authorize users to logon. 6. Removal Do NOT use the procedures in this section if you are upgrading or moving the software to a different location on the same machine. Instead, follow the information in the
Upgrading or
Reinstallation sections. Ataman Software is committed to making the use of its software as easy as possible for the end user. Most users prefer software that removes as easily as it installed, thus we provide a procedure to uninstall the software. The uninstall procedure removes the services and all associated registry entries. It does not remove the disk files as you may simply be moving the software to a different machine. If you need to remove the ATRLS from your system, type: atrls stop remove
If you want to move the ATRLS to a new location on your machine, stop the ATRLS service: atrls stop 5
Move the files to the new location, then: atrls reinstall start Using this method will preserve all your old configuration settings.
You might want to first create backups of your current settings. You can do this using the “dump” option to the auseradm.exe and aconfig.exe commands. See Configuring the ATRLS from the Command Line for details. To upgrade to a new version of the ATRLS, in the directory of the old version type: atrls stop Unzip the new archive into the directory of your choice, then in the new directory type: atrls upgrade start Using this method will preserve all your old configuration settings. This upgrade method will work for the version 2.X -> 3.X -> 4.X → 5.X upgrade as well. However, if you were using the version 2.X environment file option, make sure you save your environment file and read the Version 3.X and newer doesn’t have the Environment File option section. If you are upgrading to a new major version, you need to install your new registration code. See the Registration section for details. 9. Registration 9.1 Ordering Registration Code After evaluating the Ataman TCP Remote Logon Services (ATRLS) and finding it meets your needs, you need to purchase a license to continue using the product. Please see the Ordering the ATRLS section to purchase the latest version. Once Ataman Software has processed your order, you will receive a registration code. This registration code acts as a key to the software. The code notifies the software that you are a registered user and disables the payment reminders and other reminder features. These reminder features insure that evaluating users do not use the software beyond the evaluation period. One nice feature of the ATRLS is that future minor revisions of the ATRLS use the same registration code. Only major revisions will require purchase of a new registration code. A major product revision adds significant new features to the product; a minor revision generally contains fixes and minor enhancements. Registration codes are tied to the name of the registered user and cause the product to list that user as the proper licensee of the product. You should never share your registration code with another user, as your name must appear as the licensee of that copy in order for the registration code to work. 6
Yüklə 209,44 Kb. Dostları ilə paylaş:
|