Re: trusted hosts in a network

To: debian-user@lists.debian.org
Subject: Re: trusted hosts in a network
From: news.spiegl@kascada.com (Andy Spiegl)
Date: 2 Nov 1997 19:09:51 GMT
Message-id: <63ij5v$fa1$1@mpcii.appl-math.tu-muenchen.de>
References: <62ctgu$idh@sunsystem5.informatik.tu-muenchen.de>

According to Oliver Elphick <olly@lfix.co.uk>:
> Andy Spiegl wrote:
>  >I found the man page about hosts.equiv:
>  >
>  >       The hosts.equiv file allows or denies hosts and  users  to
>  >       use  the r-commands (e.g. rlogin, rsh or rcp) without sup=AD
>  >       plying a password.
>  >
>  >But I can't seem to set it up correctly.  I tried
>  >+mpci
>  >
>  >on one machine and
>  >+mpcii
>  >
>  >on the other (yes, those two are the host names), and I even
>  >tried a single '+', but I still get the password prompt.
>  >I just don't see what's wrong?  Help, please!
>
> 1. It should be enough just to list the machine names; the `+' is
> unnecessary.  I use the full machine and domain name, but I'm not
> sure if this is actually necessary.
>
> 2. The man page for rlogind says that it is possible to turn off the
> use of /etc/hosts.equiv or ~/.rhosts with the option `-L'.
>
> 3. If you are logged in as root, you can't use /etc/hosts.equiv. You
> can't use ~/.rhosts either unless rlogind is also invoked with `-h'.
> (That is how I interpret the man page for rlogind.)
>
> You don't want to use `-h' if your network has any exposure to the =
>outside world!

That's how I understand the man page, too.  I tried your suggestion
of leaving out the '+', but the behavior didn't change.  Then I read
(I think in hosts.equiv man page) that everything may be different,
when PAM is installed.  I checked and yes, I have PAM, because SAMBA
needs that.  I tried to understand how to configure PAM so it would
let me log in w/o password, but there is not a whole lot of docu-
mentation and that didn't help me.  :-(

Does anyone else know enough about PAM to help me there?
Or maybe I am wrong and it's not a PAM question after all?

Thanks again,
 Andy.
___________________________________________________________________
 Andy Spiegl, University of Technology, Muenchen, Germany
 E-Mail: spiegl@Appl-Math.TU-Muenchen.de OR: Andy.Spiegl@WriteMe.com
 URL:    http://www.appl-math.tu-muenchen.de/~spiegl
 PGP fingerprint: B8 48 24 7B DB 96 6F 1C  D9 6D 8E 6C DB C2 E7 E9
                                o      _     _         _
  --------- __o       __o      /\_   _ \\o  (_)\__/o  (_)
  ------- _`\<,_    _`\<,_    _>(_) (_)/<_    \_| \   _|/' \/
  ------ (_)/ (_)  (_)/ (_)  (_)        (_)   (_)    (_)'  _\o_
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . 
Trouble?  e-mail to templin@bucknell.edu .

Reply to:

Prev by Date: Re: problems with Jaz partitioning
Next by Date: Problem getting X windows to work
Previous by thread: Re: Samba Samba
Next by thread: Problem getting X windows to work
Index(es):
- Date
- Thread