man-pages/man8/pam_rhosts.8.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML><HEAD><TITLE>Man page of PAM_RHOSTS</TITLE>
</HEAD><BODY>
<H1>PAM_RHOSTS</H1>
Section: Linux-PAM Manual (8)<BR>Updated: 05/18/2017<BR><A HREF="#index">Index</A>
<A HREF="/cgi-bin/man/man2html">Return to Main Contents</A><HR>





















<A NAME="lbAB">&nbsp;</A>
<H2>NAME</H2>

pam_rhosts - The rhosts PAM module
<A NAME="lbAC">&nbsp;</A>
<H2>SYNOPSIS</H2>

<DL COMPACT>
<DT id="1">
<B>pam_rhosts.so</B>
</DL>
<A NAME="lbAD">&nbsp;</A>
<H2>DESCRIPTION</H2>

<P>

<DD>This module performs the standard network authentication for services, as used by traditional implementations of
<B>rlogin</B>
and
<B>rsh</B>
etc.
<P>

The authentication mechanism of this module is based on the contents of two files;
/etc/hosts.equiv
(or and
~/.rhosts. Firstly, hosts listed in the former file are treated as equivalent to the localhost. Secondly, entries in the user's own copy of the latter file is used to map &quot;<I>remote-host remote-user</I>&quot; pairs to that user's account on the current host. Access is granted to the user if their host is present in
/etc/hosts.equiv
and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file.
<P>

The module authenticates a remote user (internally specified by the item
<I>PAM_RUSER</I>
connecting from the remote host (internally specified by the item
<B>PAM_RHOST</B>). Accordingly, for applications to be compatible this authentication module they must set these items prior to calling
<B>pam_authenticate()</B>. The module is not capable of independently probing the network connection for such information.
<A NAME="lbAE">&nbsp;</A>
<H2>OPTIONS</H2>

<P>

<B>debug</B>
<DL COMPACT><DT id="2"><DD>
Print debug information.
</DL>

<P>

<B>silent</B>
<DL COMPACT><DT id="3"><DD>
Don't print informative messages.
</DL>

<P>

<B>superuser=</B><B></B><I>account</I>
<DL COMPACT><DT id="4"><DD>
Handle
<I>account</I>
as root.
</DL>

<A NAME="lbAF">&nbsp;</A>
<H2>MODULE TYPES PROVIDED</H2>

<P>

Only the
<B>auth</B>
module type is provided.
<A NAME="lbAG">&nbsp;</A>
<H2>RETURN VALUES</H2>

<P>

PAM_AUTH_ERR
<DL COMPACT><DT id="5"><DD>
The remote host, remote user name or the local user name couldn't be determined or access was denied by
.rhosts
file.
</DL>

<P>

PAM_USER_UNKNOWN
<DL COMPACT><DT id="6"><DD>
User is not known to system.
</DL>

<A NAME="lbAH">&nbsp;</A>
<H2>EXAMPLES</H2>

<P>

To grant a remote user access by
/etc/hosts.equiv
or
.rhosts
for
<B>rsh</B>
add the following lines to
/etc/pam.d/rsh:
<P>
<DL COMPACT><DT id="7"><DD>



<PRE>
#%PAM-1.0
#
auth     required       pam_rhosts.so
auth     required       pam_nologin.so
auth     required       pam_env.so
auth     required       pam_unix.so
      
</PRE>

</DL>




<P>
<A NAME="lbAI">&nbsp;</A>
<H2>SEE ALSO</H2>

<P>

<B><A HREF="/cgi-bin/man/man2html?3+rootok">rootok</A></B>(3),
<B><A HREF="/cgi-bin/man/man2html?5+hosts.equiv">hosts.equiv</A></B>(5),
<B><A HREF="/cgi-bin/man/man2html?5+rhosts">rhosts</A></B>(5),
<B><A HREF="/cgi-bin/man/man2html?5+pam.conf">pam.conf</A></B>(5),
<B><A HREF="/cgi-bin/man/man2html?5+pam.d">pam.d</A></B>(5),
<B><A HREF="/cgi-bin/man/man2html?7+pam">pam</A></B>(7)
<A NAME="lbAJ">&nbsp;</A>
<H2>AUTHOR</H2>

<P>

pam_rhosts was written by Thorsten Kukuk &lt;<A HREF="mailto:kukuk@thkukuk.de">kukuk@thkukuk.de</A>&gt;
<P>

<HR>
<A NAME="index">&nbsp;</A><H2>Index</H2>
<DL>
<DT id="8"><A HREF="#lbAB">NAME</A><DD>
<DT id="9"><A HREF="#lbAC">SYNOPSIS</A><DD>
<DT id="10"><A HREF="#lbAD">DESCRIPTION</A><DD>
<DT id="11"><A HREF="#lbAE">OPTIONS</A><DD>
<DT id="12"><A HREF="#lbAF">MODULE TYPES PROVIDED</A><DD>
<DT id="13"><A HREF="#lbAG">RETURN VALUES</A><DD>
<DT id="14"><A HREF="#lbAH">EXAMPLES</A><DD>
<DT id="15"><A HREF="#lbAI">SEE ALSO</A><DD>
<DT id="16"><A HREF="#lbAJ">AUTHOR</A><DD>
</DL>
<HR>
This document was created by
<A HREF="/cgi-bin/man/man2html">man2html</A>,
using the manual pages.<BR>
Time: 00:06:14 GMT, March 31, 2021
</BODY>
</HTML>