Module Name: Author: Al Longyear <longyear@netcom.com> Maintainer: Management groups provided: authentication Cryptographically sensitive: Security rating: Clean code base: Clean. System dependencies: Network aware: Standard Overview of module

This module performs the standard network authentication for services, as used by traditional implementations of Authentication component

Recognized arguments: Description: The authentication mechanism of this module is based on the contents of two files; /etc/hosts.equiv (or #include <netdb.h>) and ~/.rhosts. Firstly, hosts listed in the former file are treated as equivalent to the localhost. Secondly, entries in the user's own copy of the latter file is used to map "/etc/hosts.equiv and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file.

Some restrictions are applied to the attributes of the user's personal configuration file: it must be a regular file (as defined by The module authenticates a remote user (internally specified by the item In the case of /etc/host.equiv file is hosts_equiv_rootok option should be used. Instead, the superuser must have a correctly configured personal configuration file.

The behavior of the module is modified by flags: /etc/hosts.equiv file. /etc/hosts.equiv for superuser. Without this option /etc/hosts.equiv is not consulted for the superuser account. This option has no effect if the no_hosts_equiv option is used. ~/.rhosts. ~/.rhosts file must not be writable by anyone other than its owner. This option overlooks group write access in the case that the group owner of this file has the same name as the user being authenticated. To lessen the security problems associated with this option, the module also checks that the user is the only member of their private group. Examples/suggested usage: To allow users to login from trusted remote machines, you should try adding the following line to your /etc/pam.conf file # # No passwords required for users from hosts listed above. # login auth sufficient pam_rhosts_auth.so no_rhosts Note, in this example, the system administrator has turned off all /etc/host.equiv file, by replacing