<?xml version="1.0" encoding='UTF-8'?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
<refentry id="pam_rhosts">
<refmeta>
<refentrytitle>pam_rhosts</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
</refmeta>
<refnamediv id="pam_rhosts-name">
<refname>pam_rhosts</refname>
<refpurpose>The rhosts PAM module</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis id="pam_rhosts-cmdsynopsis">
<command>pam_rhosts.so</command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id="pam_rhosts-description">
<title>DESCRIPTION</title>
<para>
This module performs the standard network authentication for services,
as used by traditional implementations of <command>rlogin</command>
and <command>rsh</command> etc.
</para>
<para>
The authentication mechanism of this module is based on the contents
of two files; <filename>/etc/hosts.equiv</filename> (or
and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
former file are treated as equivalent to the localhost. Secondly,
entries in the user's own copy of the latter file is used to map
"<emphasis>remote-host remote-user</emphasis>" pairs to that user's
account on the current host. Access is granted to the user if their
host is present in <filename>/etc/hosts.equiv</filename> and their
remote account is identical to their local one, or if their remote
account has an entry in their personal configuration file.
</para>
<para>
The module authenticates a remote user (internally specified by the
item <parameter>PAM_RUSER</parameter> connecting from the remote
host (internally specified by the item <command>PAM_RHOST</command>).
Accordingly, for applications to be compatible this authentication
module they must set these items prior to calling
<function>pam_authenticate()</function>. The module is not capable
of independently probing the network connection for such information.
</para>
</refsect1>
<refsect1 id="pam_rhosts-options">
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>
<option>debug</option>
</term>
<listitem>
<para>
Print debug information.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>silent</option>
</term>
<listitem>
<para>
Don't print informative messages.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>superuser=<replaceable>account</replaceable></option>
</term>
<listitem>
<para>
Handle <replaceable>account</replaceable> as root.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id="pam_rhosts-types">
<title>MODULE TYPES PROVIDED</title>
<para>
Only the <option>auth</option> module type is provided.
</para>
</refsect1>
<refsect1 id='pam_rhosts-return_values'>
<title>RETURN VALUES</title>
<variablelist>
<varlistentry>
<term>PAM_AUTH_ERR</term>
<listitem>
<para>
The remote host, remote user name or the local user name
couldn't be determined or access was denied by
<filename>.rhosts</filename> file.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>PAM_USER_UNKNOWN</term>
<listitem>
<para>
User is not known to system.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='pam_rhosts-examples'>
<title>EXAMPLES</title>
<para>
To grant a remote user access by <filename>/etc/hosts.equiv</filename>
or <filename>.rhosts</filename> for <command>rsh</command> add the
following lines to <filename>/etc/pam.d/rsh</filename>:
<programlisting>
#%PAM-1.0
#
auth required pam_rhosts.so
auth required pam_nologin.so
auth required pam_env.so
auth required pam_unix.so
</programlisting>
</para>
</refsect1>
<refsect1 id='pam_rhosts-see_also'>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>
</para>
</refsect1>
<refsect1 id='pam_rhosts-author'>
<title>AUTHOR</title>
<para>
pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>
</para>
</refsect1>
</refentry>