hosts.equiv(4M)                 TCP/IP R4.11                 hosts.equiv(4M)


NAME
       hosts.equiv - file format of the trusted hosts database

DESCRIPTION
       The hosts.equiv file, located in the /etc directory, gives the system
       administrator the ability to control remote access.  The .rhosts
       file, located in a local user's home directory, gives each user the
       ability to control remote access.

       When a remote user on a remote host makes an rlogin(1C) or
       remsh(1C) (formerly rsh) request, the ruserok function (see rcmd(3X)) scans
       the trusted host entries in hosts.equiv and .rhosts to determine if
       the remote user on the remote host is trusted.  If trusted, then the
       user is allowed remote access; rlogin does not prompt for a password,
       and remsh executes.  Otherwise, rlogin prompts for a password, and
       remsh does not execute.

       The ruserok function allows remote access if either hosts.equiv or
       .rhosts allows remote access.  If hosts.equiv denies remote access
       but .rhosts allows remote access, then remote access is allowed.  If
       the local user is root (user id is 0), then only .rhosts is searched.

       A trusted host entry can allow remote access, deny remote access, or
       make no decision.  The ruserok function scans each file linearly,
       allowing or denying remote access based on the first entry that
       allows or denies remote access.  If no entry allows or denies remote
       access, then remote access is denied.  If an entry in hosts.equiv
       denies remote access before another entry in hosts.equiv allows
       remote access, then remote access is denied by hosts.equiv.  However,
       remote access can still be allowed by .rhosts.

       The hosts.equiv and .rhosts files have one trusted host entry per
       line.  A trusted host entry consists of a hostname expression and an
       optional username expression, delimited by any number of blanks
       and/or tab characters.  An entry allows remote access if both the
       hostname expression and the username expression allow remote access.
       An entry denies remote access if the hostname expression denies
       remote access, or the hostname expression allows remote access but
       the username expression denies remote access.

       The hostname expression can be any of the following:

          +      Allow remote access to all hosts.

          +@groupname
                 Allow remote access to all hosts in the netgroup(4)
                 groupname.

          -@groupname
                 Deny remote access to all hosts in the netgroup groupname.

          hostname
                 Allow remote access to the host named hostname.

          -hostname
                 Deny remote access to the host named hostname.

       If the domain name system is used, a separate entry must be made for
       the simple and the fully-qualified hostnames.  For example, sales and
       sales.hq.acme.com.  If the remote host has more than one interface, a
       separate entry must be made for each of the host's interfaces.  For
       example, accounting and accounting-alt.

       The username expression can be any of the following:

          +      Allow remote access to all users.

          +@groupname
                 Allow remote access to all users in the netgroup groupname.

          -@groupname
                 Deny remote access to all users in the netgroup groupname.

          username
                 Allow remote access to the user named username.

          -username
                 Deny remote access to the user named username.

       If the username expression is omitted, then remote access is allowed
       if the remote username and the local username are the same.  For
       example, the remote user bob must log in to the local host as bob,
       not as sally or billy.

EXAMPLE
       The following is an example hosts.equiv file:
          +                   +@engineering
          +                   -@marketing
          +                   -billy
          sales
          sales.org.acme.com
          sales-alt
          sales-alt.org.acme.com
          -accounting
          -accounting.org.acme.com
          qa                  sally
          qa.org.acme.com               sally

       The first entry allows remote access to all users in the netgroup
       engineering.  The next entry denies remote access to all users in the
       netgroup marketing.  The third entry denies remote access to billy
       from all hosts.  If billy were in the netgroup engineering, he would
       have already been allowed remote access with the first entry.  The
       sales entries allow remote access to users on the host sales who log
       in with the same remote and local usernames.  The host sales has two
       interfaces named sales and sales-alt.  Since the domain name system
       is being used, there are separate entries for the simple name, sales,
       and the fully-qualified name, sales.org.acme.com.  The next two
       entries deny remote access to users on the host accounting.  The last
       two entries allow remote access to sally from host qa.
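
       The evaluation rules above, modeled as an added Python example for
       auditing such a file; it is not DG/UX code and not the ruserok
       implementation.  Assumptions: netgroup(4) lookups are replaced by the
       constructed NETGROUPS table, and an entry with no username expression
       whose remote and local usernames differ is treated as "no decision".

```python
ALLOW, DENY = "allow", "deny"
# Constructed netgroup membership, standing in for netgroup(4) lookups.
NETGROUPS = {"engineering": {"alice", "billy"}, "marketing": {"mallory"}}
# The EXAMPLE file from this page.
EXAMPLE = """\
+                   +@engineering
+                   -@marketing
+                   -billy
sales
sales.org.acme.com
sales-alt
sales-alt.org.acme.com
-accounting
-accounting.org.acme.com
qa                  sally
qa.org.acme.com               sally
"""

def match_expr(expr, name):
    """Evaluate one hostname/username expression: ALLOW, DENY or None."""
    if expr == "+":
        return ALLOW
    verdict = DENY if expr[0] == "-" else ALLOW
    body = expr[1:] if expr[0] in "+-" else expr
    if body.startswith("@"):
        hit = name in NETGROUPS.get(body[1:], set())
    else:
        hit = body == name
    return verdict if hit else None

def check_file(text, rhost, ruser, luser):
    """Linear scan; the first entry that allows or denies decides."""
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields:
            continue
        verdict = match_expr(fields[0], rhost)
        if verdict == ALLOW and len(fields) > 1:
            verdict = match_expr(fields[1], ruser)
        elif verdict == ALLOW and ruser != luser:
            verdict = None  # assumption: name mismatch is "no decision"
        if verdict:
            return verdict, lineno
    return DENY, None  # no entry decided: access is denied

def remote_access_allowed(equiv, rhosts, rhost, ruser, luser, luid):
    """Either file may allow; for local root (uid 0) only .rhosts is read."""
    files = [rhosts] if luid == 0 else [equiv, rhosts]
    return any(check_file(f, rhost, ruser, luser)[0] == ALLOW for f in files)
```

       check_file returns the verdict together with the number of the entry
       that decided it, which shows ordering effects such as the first entry
       shadowing the later -billy entry when billy is in engineering.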

FILES
       /etc/hosts.equiv
       ~/.rhosts

SEE ALSO
       hostname(1C), remsh(1C), rlogin(1C), rcmd(3X), netgroup(4).


Licensed material--property of copyright holder(s)
