"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="pam_rhosts">

  <refmeta>

    <refentrytitle>pam_rhosts</refentrytitle>

    <manvolnum>8</manvolnum>

    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>

  </refmeta>

  <refnamediv id="pam_rhosts-name">

    <refname>pam_rhosts</refname>

    <refpurpose>The rhosts PAM module</refpurpose>

  </refnamediv>

  <refsynopsisdiv>

    <cmdsynopsis id="pam_rhosts-cmdsynopsis">

      <command>pam_rhosts.so</command>

    </cmdsynopsis>

  </refsynopsisdiv>

  <refsect1 id="pam_rhosts-description">

    <title>DESCRIPTION</title>

    <para>

      This module performs the standard network authentication for services,

      as used by traditional implementations of <command>rlogin</command>

      and <command>rsh</command> etc.

    </para>

    <para>

      The authentication mechanism of this module is based on the contents

      of two files; <filename>/etc/hosts.equiv</filename> (or

      and <filename>~/.rhosts</filename>. Firstly, hosts listed in the

      former file are treated as equivalent to the localhost. Secondly,

      entries in the user's own copy of the latter file is used to map

      "<emphasis>remote-host remote-user</emphasis>" pairs to that user's

      account on the current host. Access is granted to the user if their

      host is present in <filename>/etc/hosts.equiv</filename> and their

      remote account is identical to their local one, or if their remote

      account has an entry in their personal configuration file.

    </para>

    <para>

      The module authenticates a remote user (internally specified by the

      item <parameter>PAM_RUSER</parameter> connecting from the remote

      host (internally specified by the item <command>PAM_RHOST</command>).

      Accordingly, for applications to be compatible this authentication

      module they must set these items prior to calling

      <function>pam_authenticate()</function>.  The module is not capable

      of independently probing the network connection for such information.

    </para>

  </refsect1>

  <refsect1 id="pam_rhosts-options">

    <title>OPTIONS</title>

    <variablelist>

      <varlistentry>

        <term>

          <option>debug</option>

        </term>

        <listitem>

          <para>

            Print debug information.

          </para>

        </listitem>

      </varlistentry>

      <varlistentry>

        <term>

          <option>silent</option>

        </term>

        <listitem>

          <para>

            Don't print informative messages.

          </para>

        </listitem>

      </varlistentry>

      <varlistentry>

        <term>

          <option>superuser=<replaceable>account</replaceable></option>

        </term>

        <listitem>

          <para>

            Handle <replaceable>account</replaceable> as root.

          </para>

        </listitem>

      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1 id="pam_rhosts-types">

    <title>MODULE TYPES PROVIDED</title>

    <para>

      Only the <option>auth</option> module type is provided.

    </para>

  </refsect1>

  <refsect1 id='pam_rhosts-return_values'>

    <title>RETURN VALUES</title>

    <variablelist>

      <varlistentry>

      <term>PAM_AUTH_ERR</term>

        <listitem>

          <para>

            The remote host, remote user name or the local user name

            couldn't be determined or access was denied by

            <filename>.rhosts</filename> file.

          </para>

        </listitem>

      </varlistentry>

      <varlistentry>

        <term>PAM_USER_UNKNOWN</term>

        <listitem>

          <para>

            User is not known to system.

          </para>

        </listitem>

      </varlistentry>

    </variablelist>

  </refsect1>

  <refsect1 id='pam_rhosts-examples'>

    <title>EXAMPLES</title>

    <para>

      To grant a remote user access by <filename>/etc/hosts.equiv</filename>

      or <filename>.rhosts</filename> for <command>rsh</command> add the

      following lines to <filename>/etc/pam.d/rsh</filename>:

      <programlisting>

#%PAM-1.0

#

auth     required       pam_rhosts.so

auth     required       pam_nologin.so

auth     required       pam_env.so

auth     required       pam_unix.so

      </programlisting>

    </para>

  </refsect1>

  <refsect1 id='pam_rhosts-see_also'>

    <title>SEE ALSO</title>

    <para>

      <citerefentry>

	<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>

      </citerefentry>,

      <citerefentry>

	<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>

      </citerefentry>,

      <citerefentry>

	<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>

      </citerefentry>,

      <citerefentry>

	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>

      </citerefentry>,

      <citerefentry>

	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>

      </citerefentry>,

      <citerefentry>

	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>

      </citerefentry>

    </para>

  </refsect1>

  <refsect1 id='pam_rhosts-author'>

    <title>AUTHOR</title>

      <para>

        pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>

      </para>

  </refsect1>

</refentry>