Re: trusted hosts in a network
- To: debian-user@lists.debian.org
- Subject: Re: trusted hosts in a network
- From: news.spiegl@kascada.com (Andy Spiegl)
- Date: 2 Nov 1997 19:09:51 GMT
- Message-id: <63ij5v$fa1$1@mpcii.appl-math.tu-muenchen.de>
- References: <62ctgu$idh@sunsystem5.informatik.tu-muenchen.de>
According to Oliver Elphick <olly@lfix.co.uk>:
> Andy Spiegl wrote:
> >I found the man page about hosts.equiv:
> >
> > The hosts.equiv file allows or denies hosts and users to
> > use the r-commands (e.g. rlogin, rsh or rcp) without sup=AD
> > plying a password.
> >
> >But I can't seem to set it up correctly. I tried
> >+mpci
> >
> >on one machine and
> >+mpcii
> >
> >on the other (yes, those two are the host names), and I even
> >tried a single '+', but I still get the password prompt.
> >I just don't see what's wrong? Help, please!
>
> 1. It should be enough just to list the machine names; the `+' is
> unnecessary. I use the full machine and domain name, but I'm not
> sure if this is actually necessary.
>
> 2. The man page for rlogind says that it is possible to turn off the
> use of /etc/hosts.equiv or ~/.rhosts with the option `-L'.
>
> 3. If you are logged in as root, you can't use /etc/hosts.equiv. You
> can't use ~/.rhosts either unless rlogind is also invoked with `-h'.
> (That is how I interpret the man page for rlogind.)
>
> You don't want to use `-h' if your network has any exposure to the =
>outside world!
That's how I understand the man page, too. I tried your suggestion
of leaving out the '+', but the behavior didn't change. Then I read
(I think in hosts.equiv man page) that everything may be different,
when PAM is installed. I checked and yes, I have PAM, because SAMBA
needs that. I tried to understand how to configure PAM so it would
let me log in w/o password, but there is not a whole lot of docu-
mentation and that didn't help me. :-(
Does anyone else know enough about PAM to help me there?
Or maybe I am wrong and it's not a PAM question after all?
Thanks again,
Andy.
___________________________________________________________________
Andy Spiegl, University of Technology, Muenchen, Germany
E-Mail: spiegl@Appl-Math.TU-Muenchen.de OR: Andy.Spiegl@WriteMe.com
URL: http://www.appl-math.tu-muenchen.de/~spiegl
PGP fingerprint: B8 48 24 7B DB 96 6F 1C D9 6D 8E 6C DB C2 E7 E9
o _ _ _
--------- __o __o /\_ _ \\o (_)\__/o (_)
------- _`\<,_ _`\<,_ _>(_) (_)/<_ \_| \ _|/' \/
------ (_)/ (_) (_)/ (_) (_) (_) (_) (_)' _\o_
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: