avarni@cj.com writes:
[... much sensible stuff about rsh ...]
The fact that rsh relies on the source IP address for authentication, coupled with the fact that rsh runs over UDP
Gone over the top there! rsh uses TCP to port 514.
No code is running on the filer. I just wrote a very basic client/server type that runs over ssh using no-password dsa keys. The client, running on the DB servers, connect to the server process running on the management server, to communicate the request.
One of the goodies described in the 7.0RC1 documentation is a whole bunch of security controls over which useradmin-defined users can do what (unlike the previous "they are all root except for the name" state). And as said before, ssh/ssl support is bundled in. It will be interesting to see whether that's going to be sufficient to make locally-developed workrounds like yours (and I am sure there are lots of them around) wither away, or not.
Chris Thompson Email: cet1@cam.ac.uk