⇒ hosts.equiv(4) — A/UX 3.0.1

hosts.equiv(4) hosts.equiv(4)
NAME
     hosts.equiv, .rhosts - files containing a list of trusted hosts

DESCRIPTION
     hosts.equiv resides in directory /etc and contains a list of trusted hosts. Trusted hosts are remote hosts with respect to the system configured for those trusted hosts. In actual use, the remote hosts are the local systems for users of the rcp, remsh, and rlogin commands that request nonlocal processing services from suitably configured systems. This permits such users to gain easy access to processing resources beyond their local machines, bypassing the need for passwords, if those nonlocal systems are suitably configured.

     Security can be maintained because nonlocal system resources cannot be obtained unless someone first logs into a machine that can connect to the nonlocal machines set to allow such access.

     Typically a user must have a similarly-named account on local and any nonlocal systems for which this type of access is desired. Also, the nonlocal systems must have a properly configured hosts.equiv file (or a user account with a properly configured $HOME/.rhosts file). The rlogin, rcp, or remsh requests are supposed to refer to one of these suitably-configured, nonlocal hosts, where the actual processing can be carried out. If these conditions are met, no further password entry is required before the requested processing can proceed, permitting rlogin to omit prompting for a password, and permitting rcp and remsh to run immediately.

     From the point of view of the system which has been configured to allow nonlocal access in this way, a remote user gains access to local processing services in the guise of a local account with the same name and user ID.

     The format of hosts.equiv is a list, as in this example:

          host1
          host2
          +@group1
          -@group2

     Each list line can specify either a host, a reference to a netgroup, or two references to netgroups. The following subsections describe some of these line formats.

   Line Format for an Unqualified Host
     An unqualified reference to a host is the simplest way to refer to a remote host, as shown here:

          host1
          host2

     Note that this format will not work if name serving is enabled through a domain name entry in /etc/resolv.conf.

   Line Format for a Qualified Host
     When name serving is enabled, each line referencing a host must include its domain name:

          host-name.domain-name-in-caps

     If the host name is abc and the domain name is alpha.com, the proper entry to place in hosts.equiv is:

          abc.ALPHA.COM

     Note that the domain name must be capitalized.

   Other Line Formats for hosts.equiv
     A line of the format shown in the preceding two subsections permits someone who has been able to log in to a system under one account name to obtain services from the named remote host with a similarly-named account.

     You can also place lines in hosts.equiv that reference netgroups instead of hosts. Then netgroup names can also serve as the basis for denying or permitting access. A line consisting of

          +@netgroup

     means that all members of netgroup are granted "trusted" access. A line consisting of

          -@netgroup

     means that members of netgroup are denied "trusted" access. Programs scan hosts.equiv linearly, and stop at the first hit (either positive for hostname and +@ entries, or negative for -@ entries). A line consisting of a single + means that everyone is trusted.

     To treat the members of one netgroup the same as the members of another netgroup for any services obtained on a particular system, insert two references to netgroups (separated by a single space). Then remote users who would be granted "trusted" access in the first netgroup can also obtain services through a login account that is a member of the second netgroup. Thus

          +@netgroup1 +@netgroup2

     allows any qualifying member of netgroup1 to also be granted access as a member of netgroup2.

   The .rhosts File
     The .rhosts file has a format similar to that of the hosts.equiv file, except that an alternative remote-host name can also be specified. The general format for a line entry in .rhosts is:

          host-name [username]

     Suppose a remote system named gutbuster is available and you want to obtain services from it through an account you have there named mikee. Suppose you normally use a nearby system under the account name george. By logging in as mikee on the remote system and placing the text

          gutbuster george

     in a .rhosts file inside your home directory, you configure this system and account for easier nonlocal access. Here's how.

     Assume it is later, and you have only logged in at the nearby system through the account named george. Next suppose you need to use the processing power of the remote system (gutbuster). You can create the desired command lines using remsh (or rlogin) that reference the remote host gutbuster. Those commands execute on the remote system even though there is no similarly-named (george) account on the remote system. This works because when you enter the remsh (or rlogin) commands you specify an account that does exist on the remote system by using the argument -l mikee. Because the .rhosts file associated with the account mikee specifies that a user named george on the host named gutbuster is allowed access, access is granted in terms of the account mikee without entry of the password associated with that account.

     If a user is excluded by a minus netgroup entry from hosts.equiv but included in .rhosts, then that user is considered trusted. In the special case when the user is root, then only the /.rhosts file is checked.

FILES
     $HOME/.rhosts       file containing trusted hosts with respect to one user account
     /etc/hosts.equiv    file containing system-wide trusted hosts

SEE ALSO
     netgroup(4)
     rcp(1), rlogin(1), remsh(1) in A/UX Command Reference

January 1992
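
Added example (not part of the A/UX manual): a small Python model of the lookup order described above, useful for checking what a given hosts.equiv and .rhosts pair actually grants, including the first-hit scan, the lone + line, the .rhosts override of a -@ entry, and the root special case. The function names are hypothetical, netgroup membership is a constructed dict of host names, the second field of a two-netgroup line is not modelled, and .rhosts entries are treated as plain host names.

```python
"""Model of the hosts.equiv / .rhosts trust decision described on this page."""

def scan(lines, host, netgroups):
    """First-match scan: return (True/False/None, line_no) for `host`."""
    for no, raw in enumerate(lines, 1):
        fields = raw.split()
        if not fields:
            continue
        entry = fields[0]              # a second netgroup field is not modelled
        if entry == "+":
            return True, no            # lone "+": everyone is trusted
        if entry[:2] in ("+@", "-@"):
            if host in netgroups.get(entry[2:], set()):
                return entry[0] == "+", no
        elif entry == host:
            return True, no
    return None, 0


def rhosts_allows(lines, host, remote_user, local_user):
    """.rhosts lines are `host-name [username]`."""
    for raw in lines:
        fields = raw.split()
        if not fields or fields[0] != host:
            continue
        # Assumption: with no username field, the account names must match.
        allowed = fields[1] if len(fields) > 1 else local_user
        if remote_user == allowed:
            return True
    return False


def is_trusted(host, remote_user, local_user, equiv, rhosts, netgroups):
    """Return (trusted, reason) for a passwordless rcp/remsh/rlogin request."""
    if local_user != "root":           # root: only /.rhosts is checked
        verdict, no = scan(equiv, host, netgroups)
        if verdict and remote_user == local_user:
            return True, f"hosts.equiv line {no}"
    if rhosts_allows(rhosts, host, remote_user, local_user):
        return True, ".rhosts"
    return False, "no match"


# Constructed sample data (not from the page).
NETGROUPS = {"lab": {"host3"}, "guests": {"host9"}}
EQUIV = ["host1", "-@guests", "+@lab", "+"]
```

With the sample data, a host in the guests netgroup is refused by hosts.equiv at line 2 yet is still trusted once a user's .rhosts names it, and any host not matched earlier is trusted by the final + line.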

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026