pam_rhosts_auth
I know rhosts is incredibly insecure, but I've got to fit inside a network
of machines that are well firewalled off and I'm running into some issues
with Debian's (and Red Hat's for that matter, I work with both)
pam_rhosts_auth module seemingly not obeying + entries for hosts.
We run with our /etc/hosts.equiv looking like:
--------
+
--------
On most of the non-critical machines and several of the key shared
accounts for nightly builds have $HOME/.rhosts containing just:
--------
+ <insertuidhere>
--------
On top of r* servers being insecure as hell, these two changes pretty much
mean the entire world is open, and for this environment, that's ok. In
fact it's pretty much required. I don't have the luxury of fixing things.
I don't have the luxury of even just adding specific hosts to the .rhosts
files. I need Debian's rhosts authentication to be as loose as Solaris,
AIX, and HP-UX. Is there an easy solution or am I going to have to grab
the source and maintain my own pam_rhosts_auth module that's this
insecure?
Thanks,
Brad
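
An added example, not part of the original post: a small Python check that flags the wildcard entries described above in hosts.equiv or .rhosts content, so the open trust can at least be inventoried. The sample file contents, the user name `builduser` and the host name `buildhost1` are constructed; the assumed line format is `host [user]`, with a bare `+` as the wildcard and `#` starting a comment line.

```python
"""Flag wildcard trust entries in hosts.equiv / .rhosts content."""

# Constructed samples modelled on the two files described in the post.
HOSTS_EQUIV = "+\n"
RHOSTS = "# nightly build account\n+ builduser\nbuildhost1 builduser\n"


def audit_trust_file(text):
    """Return a list of (line_no, severity, reason) for wildcard entries.

    Assumption: each entry is "host [user]"; a bare "+" in either field
    matches anything, and lines beginning with "#" are comments.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        host = fields[0]
        user = fields[1] if len(fields) > 1 else None
        if host == "+" and user == "+":
            findings.append((line_no, "critical", "any user from any host"))
        elif host == "+" and user is None:
            findings.append((line_no, "critical", "every host is trusted"))
        elif host == "+":
            findings.append(
                (line_no, "high", f"user {user!r} trusted from any host"))
        elif user == "+":
            findings.append(
                (line_no, "high", f"any user trusted from host {host!r}"))
    return findings


if __name__ == "__main__":
    samples = (("/etc/hosts.equiv", HOSTS_EQUIV), ("$HOME/.rhosts", RHOSTS))
    for name, content in samples:
        for line_no, severity, reason in audit_trust_file(content):
            print(f"{name}:{line_no}: [{severity}] {reason}")
```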