|author||Andrew G. Morgan <firstname.lastname@example.org>||2000-06-20 22:10:38 +0000|
|committer||Andrew G. Morgan <email@example.com>||2000-06-20 22:10:38 +0000|
Diffstat (limited to 'modules/pam_rhosts/README')
1 files changed, 57 insertions, 0 deletions
diff --git a/modules/pam_rhosts/README b/modules/pam_rhosts/README
new file mode 100644
@@ -0,0 +1,57 @@
+There are positive entries, when one is matched authentication
+succeeds and terminates. There are negative entries, when one is
+matched authentication fails and terminates. Thus order is
+Entry hosts.equiv .rhosts
+<host> All users on <host> are ok Same username from <host> is ok
+<host> <user> <user> from <host> is ok ditto
+-<host> No users from <host> are ok ditto
+<host> -<user> <user> from <host> is not ok ditto
+<host> can be ip (IPv4) numbers.
+Netgroups may be used in either host or user fields, and then applies
+to all hosts, or users, in the netgroup. The syntax is
+ <host> +@<ng>
+ +@<ng> +@<ng>
+ +@<ng> <user>
+means exactly what you think it does. Negative entries are of the
+When the "promiscuous" option is given the special character + may be
+used as a wildcard in any field.
+ + Allow anyone from any host to connect. DANGEROUS.
+ + + Ditto.
+ + <user> Allow the user to connect from anywhere. DANGEROUS.
+ <host> + Allow any user from the host. Dangerous.
+These, perhaps more usefull, forms of the + form is also disallowed
+unless "promiscuous" is specified:
+ + -<user> Disallow the user from any host
+ + -@<ng> Disallow all members of the netgroup from any host
+When "promiscuous" is not specified a '+' is handled as a negative