hosts.equiv

a b c d e f g h i j k l m n o p q r s t u v w x y z _
HOSTS.EQUIV(5)		  Linux Programmer’s Manual	       HOSTS.EQUIV(5)



NAME
       /etc/hosts.equiv	 - list of hosts and users that are granted "trusted"
       r command access to your system

DESCRIPTION
       The hosts.equiv file allows or denies hosts and users to	 use  the  r-
       commands (e.g. rlogin, rsh or rcp) without supplying a password.

       The file uses the following format:

       [ + | - ] [hostname] [username]

       The  hostname  is  the name of a host which is logically equivalent to
       the local host. Users logged into that  host  are  allowed  to  access
       like-named  user	 accounts on the local host without supplying a pass-
       word.  The hostname may be (optionally) preceded by a plus  (+)	sign.
       If  the plus sign is used alone it allows any host to access your sys-
       tem.  You can expicitly deny access to a host by preceding  the	host-
       name  by	 a  minus (-) sign. Users from that host must always supply a
       password.  For security reasons you should always use the FQDN of  the
       hostname and not the short hostname.

       The  username entry grants a specific user access to all user accounts
       (except root) without supplying a password. That means the user is NOT
       restricted  to  like-named  accounts. The username may be (optionally)
       preceded by a plus (+) sign. You can also explicitly deny access to  a
       specific	 user  by  preceding the username with a minus (-) sign. This
       says that the user is not trusted no matter  what  other	 entries  for
       that host exist.

       Netgroups can be specified by preceding the netgroup by an @ sign.

       Be extremely careful when using the plus (+) sign. A simple typograph-
       ical error could result in a standalone plus sign. A  standalone	 plus
       sign is a wildcard character that means "any host"!

FILES
       /etc/hosts.equiv

NOTES
       Some  systems  will  only  honor the contents of this file when it has
       owner root and no write permission for anybody else.  Some  exception-
       ally  paranoid  systems even require that there be no other hard links
       to the file.

       Modern systems use the Pluggable Authentication Modules library (PAM).
       With  PAM a standalone plus sign is only considered a wildcard charac-
       ter which means "any host" when the word promiscuous is added  to  the
       auth  component line in your PAM file for the particular service (e.g.
       rlogin).

SEE ALSO
       rhosts(5), rshd(8), rlogind(8)



Linux				  2003-08-24		       HOSTS.EQUIV(5)