[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: trusted hosts in a network

According to Oliver Elphick <olly@lfix.co.uk>:
> Andy Spiegl wrote:
>  >I found the man page about hosts.equiv:
>  >
>  >       The hosts.equiv file allows or denies hosts and  users  to
>  >       use  the r-commands (e.g. rlogin, rsh or rcp) without sup=AD
>  >       plying a password.
>  >
>  >But I can't seem to set it up correctly.  I tried
>  >+mpci
>  >
>  >on one machine and
>  >+mpcii
>  >
>  >on the other (yes, those two are the host names), and I even
>  >tried a single '+', but I still get the password prompt.
>  >I just don't see what's wrong?  Help, please!
> 1. It should be enough just to list the machine names; the `+' is
> unnecessary.  I use the full machine and domain name, but I'm not
> sure if this is actually necessary.
> 2. The man page for rlogind says that it is possible to turn off the
> use of /etc/hosts.equiv or ~/.rhosts with the option `-L'.
> 3. If you are logged in as root, you can't use /etc/hosts.equiv. You
> can't use ~/.rhosts either unless rlogind is also invoked with `-h'.
> (That is how I interpret the man page for rlogind.)
> You don't want to use `-h' if your network has any exposure to the =
>outside world!

That's how I understand the man page, too.  I tried your suggestion
of leaving out the '+', but the behavior didn't change.  Then I read
(I think in hosts.equiv man page) that everything may be different,
when PAM is installed.  I checked and yes, I have PAM, because SAMBA
needs that.  I tried to understand how to configure PAM so it would
let me log in w/o password, but there is not a whole lot of docu-
mentation and that didn't help me.  :-(

Does anyone else know enough about PAM to help me there?
Or maybe I am wrong and it's not a PAM question after all?

Thanks again,
 Andy Spiegl, University of Technology, Muenchen, Germany
 E-Mail: spiegl@Appl-Math.TU-Muenchen.de OR: Andy.Spiegl@WriteMe.com
 URL:    http://www.appl-math.tu-muenchen.de/~spiegl
 PGP fingerprint: B8 48 24 7B DB 96 6F 1C  D9 6D 8E 6C DB C2 E7 E9
                                o      _     _         _
  --------- __o       __o      /\_   _ \\o  (_)\__/o  (_)
  ------- _`\<,_    _`\<,_    _>(_) (_)/<_    \_| \   _|/' \/
  ------ (_)/ (_)  (_)/ (_)  (_)        (_)   (_)    (_)'  _\o_

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to: