|
Server : Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.8e-fips-rhel5 DAV/2 PHP/5.2.17 System : Linux localhost 2.6.18-419.el5 #1 SMP Fri Feb 24 22:47:42 UTC 2017 x86_64 User : nobody ( 99) PHP Version : 5.2.17 Disable Function : NONE Directory : /proc/21585/root/usr/share/doc/pam-0.99.6.2/html/ |
Upload File : |
<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>6.23. pam_rhosts - grant access using .rhosts file</title><meta name="generator" content="DocBook XSL Stylesheets V1.69.1"><link rel="start" href="Linux-PAM_SAG.html" title="The Linux-PAM System Administrators' Guide"><link rel="up" href="sag-module-reference.html" title="Chapter 6. A reference guide for available modules"><link rel="prev" href="sag-pam_permit.html" title="6.22. pam_permit - the promiscuous module"><link rel="next" href="sag-pam_rootok.html" title="6.24. pam_rootok - gain only root access"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="navheader"><table width="100%" summary="Navigation header"><tr><th colspan="3" align="center">6.23. pam_rhosts - grant access using .rhosts file</th></tr><tr><td width="20%" align="left"><a accesskey="p" href="sag-pam_permit.html">Prev</a> </td><th width="60%" align="center">Chapter 6. A reference guide for available modules</th><td width="20%" align="right"> <a accesskey="n" href="sag-pam_rootok.html">Next</a></td></tr></table><hr></div><div class="section" lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sag-pam_rhosts"></a>6.23. pam_rhosts - grant access using .rhosts file</h2></div></div></div><div class="cmdsynopsis"><p><code class="command">pam_rhosts.so</code> </p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-description"></a>6.23.1. DESCRIPTION</h3></div></div></div><p>
This module performs the standard network authentication for services,
as used by traditional implementations of <span><strong class="command">rlogin</strong></span>
and <span><strong class="command">rsh</strong></span> etc.
</p><p>
The authentication mechanism of this module is based on the contents
of two files; <code class="filename">/etc/hosts.equiv</code> (or
and <code class="filename">~/.rhosts</code>. Firstly, hosts listed in the
former file are treated as equivalent to the localhost. Secondly,
entries in the user's own copy of the latter file is used to map
"<span class="emphasis"><em>remote-host remote-user</em></span>" pairs to that user's
account on the current host. Access is granted to the user if their
host is present in <code class="filename">/etc/hosts.equiv</code> and their
remote account is identical to their local one, or if their remote
account has an entry in their personal configuration file.
</p><p>
The module authenticates a remote user (internally specified by the
item <em class="parameter"><code>PAM_RUSER</code></em> connecting from the remote
host (internally specified by the item <span><strong class="command">PAM_RHOST</strong></span>).
Accordingly, for applications to be compatible this authentication
module they must set these items prior to calling
<code class="function">pam_authenticate()</code>. The module is not capable
of independently probing the network connection for such information.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-options"></a>6.23.2. OPTIONS</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">
<code class="option">debug</code>
</span></dt><dd><p>
Print debug information.
</p></dd><dt><span class="term">
<code class="option">silent</code>
</span></dt><dd><p>
Don't print informative messages.
</p></dd><dt><span class="term">
<code class="option">superuser=<em class="replaceable"><code>account</code></em></code>
</span></dt><dd><p>
Handle <em class="replaceable"><code>account</code></em> as root.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-services"></a>6.23.3. MODULE SERVICES PROVIDED</h3></div></div></div><p>
Only the <code class="option">auth</code> service is supported.
</p></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-return_values"></a>6.23.4. RETURN VALUES</h3></div></div></div><div class="variablelist"><dl><dt><span class="term">PAM_AUTH_ERR</span></dt><dd><p>
The remote host, remote user name or the local user name
couldn't be determined or access was denied by
<code class="filename">.rhosts</code> file.
</p></dd><dt><span class="term">PAM_USER_UNKNOWN</span></dt><dd><p>
User is not known to system.
</p></dd></dl></div></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-examples"></a>6.23.5. EXAMPLES</h3></div></div></div><p>
To grant a remote user access by <code class="filename">/etc/hosts.equiv</code>
or <code class="filename">.rhosts</code> for <span><strong class="command">rsh</strong></span> add the
following lines to <code class="filename">/etc/pam.d/rsh</code>:
</p><pre class="programlisting">
#%PAM-1.0
#
auth required pam_rhosts.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
</pre></div><div class="section" lang="en"><div class="titlepage"><div><div><h3 class="title"><a name="sag-pam_rhosts-author"></a>6.23.6. AUTHOR</h3></div></div></div><p>
pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>
</p></div></div><div class="navfooter"><hr><table width="100%" summary="Navigation footer"><tr><td width="40%" align="left"><a accesskey="p" href="sag-pam_permit.html">Prev</a> </td><td width="20%" align="center"><a accesskey="u" href="sag-module-reference.html">Up</a></td><td width="40%" align="right"> <a accesskey="n" href="sag-pam_rootok.html">Next</a></td></tr><tr><td width="40%" align="left" valign="top">6.22. pam_permit - the promiscuous module </td><td width="20%" align="center"><a accesskey="h" href="Linux-PAM_SAG.html">Home</a></td><td width="40%" align="right" valign="top"> 6.24. pam_rootok - gain only root access</td></tr></table></div></body></html>