Installing and Administering Internet Services

56 Chapter 2
Installing and Configuring Internet Services
Configuring Files to Bypass Security
CAUTION Hewlett-Packard recommends that you leave user names out of the
/etc/hosts.equiv file, unless you intend to give a user the privilege of
logging into all the accounts on the system without having to provide a
password.

When a non-root user attempts to log into your host, the
/etc/hosts.equiv file is checked before $HOME/.rhosts. If an entry
is found in /etc/hosts.equiv, $HOME/.rhosts is not checked. When
a user attempts to log into your host as root, the /etc/hosts.equiv file
is not checked. Only the /.rhosts file is checked. See “To Configure the
$HOME/.rhosts File” on page 56.

The /etc/hosts.equiv file may contain NFS netgroups. See Installing
and Administering NFS Services for more information.

The /etc/hosts.equiv file should be owned by user root, with
permissions set to 0444 (-r--r--r--).

CAUTION The /etc/hosts.equiv file creates a significant security risk.
Type man 4 hosts.equiv for more information.

To Configure the $HOME/.rhosts File

Any user may create a .rhosts file in his or her home directory. Each
line in the .rhosts file has the following form:

    hostname [username]

To create a .rhosts file in any home directory other than the
superuser’s home directory, you must use a text editor. You can use SAM
to configure the /.rhosts file (in the superuser’s home directory). To
run SAM, type sam at the HP-UX prompt. SAM has an extensive online
help facility.

A remote user logged into a host specified in a local $HOME/.rhosts file
can use rcp, remsh, or rlogin to log into that local user’s account
without supplying a password.

If your host has a /.rhosts file, the root user on any system listed in
that file may use rcp, remsh, or rlogin to connect to your host without
being prompted for a password.
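
An added example, not part of the HP manual: a POSIX shell function that audits a trust file written in the hostname [username] form described above, applying the owner, permission and user-name guidance given for /etc/hosts.equiv. The function name, the finding labels, and the handling of +@netgroup and bare + entries are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the HP manual): audit one rhosts-style trust file.
# Usage: audit_trust_file FILE [equiv|rhosts]   (kind defaults to equiv)
# Prints one finding per line; returns 0 if clean, 1 if findings, 2 if missing.
audit_trust_file() {
    file=$1 kind=${2:-equiv}
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    findings=$(
        if [ "$kind" = equiv ]; then
            # Fields 1 and 3 of "ls -ln" are the mode string and numeric owner.
            set -- $(ls -ln "$file")
            mode=$(printf '%s' "$1" | cut -c1-10)   # drop any ACL marker
            [ "$3" = 0 ] || echo "OWNER uid $3, expected root (0)"
            [ "$mode" = "-r--r--r--" ] ||
                echo "MODE $mode, expected -r--r--r-- (0444)"
        fi
        awk -v kind="$kind" '
            NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
            {
                where = "line " NR ": "
                # hostname [username]: a second field names a remote user,
                # which the CAUTION says to keep out of hosts.equiv.
                if (kind == "equiv" && NF > 1)
                    print "USER " where "user " $2 " listed for host " $1
                # Assumption: netgroups are written +@name or -@name.
                if ($1 ~ /^[+-]?@/)
                    print "NETGROUP " where $1 " (review its membership)"
                # Assumption (common format, not stated on this page):
                # a bare + in either field matches any host or any user.
                if ($1 == "+" || $2 == "+")
                    print "WILDCARD " where "+ trusts any host or user"
            }' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run directly as: sh audit.sh /etc/hosts.equiv equiv
if [ $# -gt 0 ]; then
    audit_trust_file "$@"
fi
```

Run it with kind rhosts against /.rhosts and each $HOME/.rhosts; in that mode user names are expected, so only netgroup and wildcard entries are reported.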