Implementing a Secure rlogin Environment: A Case Study of Using a Secure Network Layer Protocol

This paper describes our experiences building a secure rlogin environment. With minimal changes to the rlogin server and the use of a secure network layer protocol, we remove the vulnerability of hostname-based authentication and IP source address spoofing. We investigate how applications such as rlogin interact with this new layer, and propose extensions to the rlogin server that can utilize these services. We believe rlogin presents a situation where the application layer seems the most appropriate location for enforcing security policy, instead of in a lower layer. Our layered approach to rlogin security achieves functionality similar to the Kerberos klogin client and the encrypted telnet packages, without their complexity or loss of generality. Implementing the application layer rlogin server extensions required fewer than ninety lines of code. Even if our rlogin application layer extensions are omitted, rlogin connections still benefit from secure network layer services.