source-git / pam

Clone
Source Code
GIT

Files

  1.   b29381c1f072d24f0bc9c2be578b8baa3a044f9c
  2.   modules
  3.   pam_rhosts
  4.   pam_rhosts.8.xml
Blob Blame History Raw 
<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">

<refentry id="pam_rhosts">

  <refmeta>
    <refentrytitle>pam_rhosts</refentrytitle>
    <manvolnum>8</manvolnum>
    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
  </refmeta>

  <refnamediv id="pam_rhosts-name">
    <refname>pam_rhosts</refname>
    <refpurpose>The rhosts PAM module</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis id="pam_rhosts-cmdsynopsis">
      <command>pam_rhosts.so</command>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1 id="pam_rhosts-description">

    <title>DESCRIPTION</title>

    <para>
      This module performs the standard network authentication for services,
      as used by traditional implementations of <command>rlogin</command>
      and <command>rsh</command> etc.
    </para>
    <para>
      The authentication mechanism of this module is based on the contents
      of two files; <filename>/etc/hosts.equiv</filename> (or
      and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
      former file are treated as equivalent to the localhost. Secondly,
      entries in the user's own copy of the latter file is used to map
      "<emphasis>remote-host remote-user</emphasis>" pairs to that user's
      account on the current host. Access is granted to the user if their
      host is present in <filename>/etc/hosts.equiv</filename> and their
      remote account is identical to their local one, or if their remote
      account has an entry in their personal configuration file.
    </para>
    <para>
      The module authenticates a remote user (internally specified by the
      item <parameter>PAM_RUSER</parameter> connecting from the remote
      host (internally specified by the item <command>PAM_RHOST</command>).
      Accordingly, for applications to be compatible this authentication
      module they must set these items prior to calling
      <function>pam_authenticate()</function>.  The module is not capable
      of independently probing the network connection for such information.
    </para>
  </refsect1>

  <refsect1 id="pam_rhosts-options">
    <title>OPTIONS</title>
    <variablelist>
      <varlistentry>
        <term>
          <option>debug</option>
        </term>
        <listitem>
          <para>
            Print debug information.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>
          <option>silent</option>
        </term>
        <listitem>
          <para>
            Don't print informative messages.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>
          <option>superuser=<replaceable>account</replaceable></option>
        </term>
        <listitem>
          <para>
            Handle <replaceable>account</replaceable> as root.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id="pam_rhosts-types">
    <title>MODULE TYPES PROVIDED</title>
    <para>
      Only the <option>auth</option> module type is provided.
    </para>
  </refsect1>

  <refsect1 id='pam_rhosts-return_values'>
    <title>RETURN VALUES</title>
    <variablelist>
      <varlistentry>
      <term>PAM_AUTH_ERR</term>
        <listitem>
          <para>
            The remote host, remote user name or the local user name
            couldn't be determined or access was denied by
            <filename>.rhosts</filename> file.
          </para>
        </listitem>
      </varlistentry>
      <varlistentry>
        <term>PAM_USER_UNKNOWN</term>
        <listitem>
          <para>
            User is not known to system.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1 id='pam_rhosts-examples'>
    <title>EXAMPLES</title>
    <para>
      To grant a remote user access by <filename>/etc/hosts.equiv</filename>
      or <filename>.rhosts</filename> for <command>rsh</command> add the
      following lines to <filename>/etc/pam.d/rsh</filename>:
      <programlisting>
#%PAM-1.0
#
auth     required       pam_rhosts.so
auth     required       pam_nologin.so
auth     required       pam_env.so
auth     required       pam_unix.so
      </programlisting>
    </para>
  </refsect1>

  <refsect1 id='pam_rhosts-see_also'>
    <title>SEE ALSO</title>
    <para>
      <citerefentry>
	<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
      </citerefentry>,
      <citerefentry>
	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>
    </para>
  </refsect1>

  <refsect1 id='pam_rhosts-author'>
    <title>AUTHOR</title>
      <para>
        pam_rhosts was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
      </para>
  </refsect1>

</refentry>

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation