blob: e559f3156231f0bb307776b05ddd4adf3ea5fb04 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
|
<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id="pam_rhosts">
<refmeta>
<refentrytitle>pam_rhosts</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_rhosts-name">
<refname>pam_rhosts</refname>
<refpurpose>The rhosts PAM module</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="pam_rhosts-cmdsynopsis">
<command>pam_rhosts.so</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_rhosts-description">
<title>DESCRIPTION</title>
<para>
This module performs the standard network authentication for services,
as used by traditional implementations of <command>rlogin</command>
and <command>rsh</command> etc.
</para>
<para>
The authentication mechanism of this module is based on the contents
of two files; <filename>/etc/hosts.equiv</filename> (or
and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
former file are treated as equivalent to the localhost. Secondly,
entries in the user's own copy of the latter file is used to map
"<emphasis>remote-host remote-user</emphasis>" pairs to that user's
account on the current host. Access is granted to the user if their
host is present in <filename>/etc/hosts.equiv</filename> and their
remote account is identical to their local one, or if their remote
account has an entry in their personal configuration file.
</para>
<para>
The module authenticates a remote user (internally specified by the
item <parameter>PAM_RUSER</parameter> connecting from the remote
host (internally specified by the item <command>PAM_RHOST</command>).
Accordingly, for applications to be compatible this authentication
module they must set these items prior to calling
<function>pam_authenticate()</function>. The module is not capable
of independently probing the network connection for such information.
</para>
</refsect1>
<refsect1 id="pam_rhosts-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
<option>debug</option>
</term>
<listitem>
<para>
Print debug information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>silent</option>
</term>
<listitem>
<para>
Don't print informative messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>superuser=<replaceable>account</replaceable></option>
</term>
<listitem>
<para>
Handle <replaceable>account</replaceable> as root.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_rhosts-services">
<title>MODULE SERVICES PROVIDED</title>
<para>
Only the <option>auth</option> service is supported.
</para>
</refsect1>
<refsect1 id='pam_rhosts-return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
The remote host, remote user name or the local user name
couldn't be determined or access was denied by
<filename>.rhosts</filename> file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User is not known to system.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_rhosts-examples'>
<title>EXAMPLES</title>
<para>
To grant a remote user access by <filename>/etc/hosts.equiv</filename>
or <filename>.rhosts</filename> for <command>rsh</command> add the
following lines to <filename>/etc/pam.d/rsh</filename>:
<programlisting>
#%PAM-1.0
#
auth required pam_rhosts.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
</programlisting>
</para>
</refsect1>
<refsect1 id='pam_rhosts-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_rhosts-author'>
<title>AUTHOR</title>
<para>
pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>
</para>
</refsect1>
</refentry>
|
