hosts.equiv(4) hosts.equiv(4)
NAME
hosts.equiv - trusted hosts by system
SYNOPSIS
/etc/hosts.equiv
DESCRIPTION
The /etc/hosts.equiv file contains a list of trusted hosts.
When an rlogin(1) or rsh(1) request is received from a host
listed in this file, and when the user making the request is
listed in the /etc/passwd file, then the remote login is
allowed with no further checking. The library routine ruserok
will make this verification. In this case, rlogin does not
prompt for a password, and commands submitted through rsh are
executed. Thus, a remote user with a local user ID is said to
have ``equivalent'' access from a remote host named in this
file.
USAGE
The format of the hosts.equiv file consists of a one-line
entry for each host, of the form:
hostname [ username ]
The hostname field normally contains the name of a trusted
host from which a remote login can be made, and username
represents a single user from that host. However, an entry
consisting of a single `+' indicates that all known hosts are
to be trusted for all users. A host name must be the
``official'' name as listed in the hosts(4) database. This is
the first name given in the hosts database entry; hostname
aliases are not recognized.
A network group [see netgroup(4)] can be specified in either
the hostname or username fields to match multiple hosts or
users in one entry. The form:
+@netgroup
allows access from all hosts in the network group netgroup.
When used in the username field, network groups allow a group
of remote users to access the system as a particular local
user. The form:
hostname +@netgroup
Copyright 1994 Novell, Inc. Page 1
hosts.equiv(4) hosts.equiv(4)
allows all of the users in the network group netgroup from the
host hostname to access the system as the local user. The
form:
+@netgroup1 +@netgroup2
allows the users in network group netgroup2 from the hosts in
network group netgroup1 to access the system as the local
user.
.rhosts File
Whenever a remote login is not allowed by hosts.equiv, the
remote login daemon checks for a .rhosts file in the home
directory of the local login. The .rhosts file controls
access only to the specific login where it resides.
The .rhosts file has the same format as the hosts.equiv file,
but the username entry has a different meaning. In the
hosts.equiv file, a username entry restricts remote access to
the specified remote user. In the .rhosts file, a username
entry changes the identity of user attempting to log in. The
remote user specified by username can access the host as the
local login and inherit the local login's permissions.
Warnings
When a system is listed in /etc/hosts.equiv, its security must
be as good as local security. One insecure system mentioned
in /etc/hosts.equiv can compromise the security of an entire
network.
REFERENCES
hosts(4), netgroup(4), passwd(4), rlogin(1), rhosts(4), rsh(1)
Copyright 1994 Novell, Inc. Page 2