|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refentry id="pam_rhosts">
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refmeta>
|
|
Packit Service |
b29381 |
<refentrytitle>pam_rhosts</refentrytitle>
|
|
Packit Service |
b29381 |
<manvolnum>8</manvolnum>
|
|
Packit Service |
b29381 |
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
|
|
Packit Service |
b29381 |
</refmeta>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refnamediv id="pam_rhosts-name">
|
|
Packit Service |
b29381 |
<refname>pam_rhosts</refname>
|
|
Packit Service |
b29381 |
<refpurpose>The rhosts PAM module</refpurpose>
|
|
Packit Service |
b29381 |
</refnamediv>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsynopsisdiv>
|
|
Packit Service |
b29381 |
<cmdsynopsis id="pam_rhosts-cmdsynopsis">
|
|
Packit Service |
b29381 |
<command>pam_rhosts.so</command>
|
|
Packit Service |
b29381 |
</cmdsynopsis>
|
|
Packit Service |
b29381 |
</refsynopsisdiv>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id="pam_rhosts-description">
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<title>DESCRIPTION</title>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
This module performs the standard network authentication for services,
|
|
Packit Service |
b29381 |
as used by traditional implementations of <command>rlogin</command>
|
|
Packit Service |
b29381 |
and <command>rsh</command> etc.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
The authentication mechanism of this module is based on the contents
|
|
Packit Service |
b29381 |
of two files; <filename>/etc/hosts.equiv</filename> (or
|
|
Packit Service |
b29381 |
and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
|
|
Packit Service |
b29381 |
former file are treated as equivalent to the localhost. Secondly,
|
|
Packit Service |
b29381 |
entries in the user's own copy of the latter file is used to map
|
|
Packit Service |
b29381 |
"<emphasis>remote-host remote-user</emphasis>" pairs to that user's
|
|
Packit Service |
b29381 |
account on the current host. Access is granted to the user if their
|
|
Packit Service |
b29381 |
host is present in <filename>/etc/hosts.equiv</filename> and their
|
|
Packit Service |
b29381 |
remote account is identical to their local one, or if their remote
|
|
Packit Service |
b29381 |
account has an entry in their personal configuration file.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
The module authenticates a remote user (internally specified by the
|
|
Packit Service |
b29381 |
item <parameter>PAM_RUSER</parameter> connecting from the remote
|
|
Packit Service |
b29381 |
host (internally specified by the item <command>PAM_RHOST</command>).
|
|
Packit Service |
b29381 |
Accordingly, for applications to be compatible this authentication
|
|
Packit Service |
b29381 |
module they must set these items prior to calling
|
|
Packit Service |
b29381 |
<function>pam_authenticate()</function>. The module is not capable
|
|
Packit Service |
b29381 |
of independently probing the network connection for such information.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id="pam_rhosts-options">
|
|
Packit Service |
b29381 |
<title>OPTIONS</title>
|
|
Packit Service |
b29381 |
<variablelist>
|
|
Packit Service |
b29381 |
<varlistentry>
|
|
Packit Service |
b29381 |
<term>
|
|
Packit Service |
b29381 |
<option>debug</option>
|
|
Packit Service |
b29381 |
</term>
|
|
Packit Service |
b29381 |
<listitem>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
Print debug information.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</listitem>
|
|
Packit Service |
b29381 |
</varlistentry>
|
|
Packit Service |
b29381 |
<varlistentry>
|
|
Packit Service |
b29381 |
<term>
|
|
Packit Service |
b29381 |
<option>silent</option>
|
|
Packit Service |
b29381 |
</term>
|
|
Packit Service |
b29381 |
<listitem>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
Don't print informative messages.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</listitem>
|
|
Packit Service |
b29381 |
</varlistentry>
|
|
Packit Service |
b29381 |
<varlistentry>
|
|
Packit Service |
b29381 |
<term>
|
|
Packit Service |
b29381 |
<option>superuser=<replaceable>account</replaceable></option>
|
|
Packit Service |
b29381 |
</term>
|
|
Packit Service |
b29381 |
<listitem>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
Handle <replaceable>account</replaceable> as root.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</listitem>
|
|
Packit Service |
b29381 |
</varlistentry>
|
|
Packit Service |
b29381 |
</variablelist>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id="pam_rhosts-types">
|
|
Packit Service |
b29381 |
<title>MODULE TYPES PROVIDED</title>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
Only the <option>auth</option> module type is provided.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id='pam_rhosts-return_values'>
|
|
Packit Service |
b29381 |
<title>RETURN VALUES</title>
|
|
Packit Service |
b29381 |
<variablelist>
|
|
Packit Service |
b29381 |
<varlistentry>
|
|
Packit Service |
b29381 |
<term>PAM_AUTH_ERR</term>
|
|
Packit Service |
b29381 |
<listitem>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
The remote host, remote user name or the local user name
|
|
Packit Service |
b29381 |
couldn't be determined or access was denied by
|
|
Packit Service |
b29381 |
<filename>.rhosts</filename> file.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</listitem>
|
|
Packit Service |
b29381 |
</varlistentry>
|
|
Packit Service |
b29381 |
<varlistentry>
|
|
Packit Service |
b29381 |
<term>PAM_USER_UNKNOWN</term>
|
|
Packit Service |
b29381 |
<listitem>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
User is not known to system.
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</listitem>
|
|
Packit Service |
b29381 |
</varlistentry>
|
|
Packit Service |
b29381 |
</variablelist>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id='pam_rhosts-examples'>
|
|
Packit Service |
b29381 |
<title>EXAMPLES</title>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
To grant a remote user access by <filename>/etc/hosts.equiv</filename>
|
|
Packit Service |
b29381 |
or <filename>.rhosts</filename> for <command>rsh</command> add the
|
|
Packit Service |
b29381 |
following lines to <filename>/etc/pam.d/rsh</filename>:
|
|
Packit Service |
b29381 |
<programlisting>
|
|
Packit Service |
b29381 |
#%PAM-1.0
|
|
Packit Service |
b29381 |
#
|
|
Packit Service |
b29381 |
auth required pam_rhosts.so
|
|
Packit Service |
b29381 |
auth required pam_nologin.so
|
|
Packit Service |
b29381 |
auth required pam_env.so
|
|
Packit Service |
b29381 |
auth required pam_unix.so
|
|
Packit Service |
b29381 |
</programlisting>
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id='pam_rhosts-see_also'>
|
|
Packit Service |
b29381 |
<title>SEE ALSO</title>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>,
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>,
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>,
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>,
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>,
|
|
Packit Service |
b29381 |
<citerefentry>
|
|
Packit Service |
b29381 |
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
|
|
Packit Service |
b29381 |
</citerefentry>
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
<refsect1 id='pam_rhosts-author'>
|
|
Packit Service |
b29381 |
<title>AUTHOR</title>
|
|
Packit Service |
b29381 |
<para>
|
|
Packit Service |
b29381 |
pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>
|
|
Packit Service |
b29381 |
</para>
|
|
Packit Service |
b29381 |
</refsect1>
|
|
Packit Service |
b29381 |
|
|
Packit Service |
b29381 |
</refentry>
|