Bugtraq mailing list archives

Re: ruserok() & /etc/hosts.equiv

From: ellerman () rzdspc2 informatik uni-hamburg de (Uwe Ellermann)
Date: Wed, 4 May 94 11:11:46 +0200

From: Walker Aumann <walkera () druggist gg caltech edu>

It seems that the only breakage is that if there is a '+' in the hosts.equiv
file, it ignores users' .rhosts files, except that rlogin and rsh let people
in from any host as long as the same username is used.  Now, I think that it
would be great to have the option of turning off .rhosts usage, rather than
having to police every user's .rhosts file, but this isn't it.


There is the "-l" option in the BSD sources, which does exactly this...

...but it's not supported on Sun and DEC UNIX. 
It is in AIX (according to the man-page).

To install this feature on SunOS, this is roughly what I have done:
1) got the BSD sources (available via anonFTP from ?)
2) compiled rlogind.c and rcmd.c (for ruserok())
3) installed with -l option

This works for SunOS 4.1.x.
On SunOS 5.3 I use a modified source from Wietse Venema's logdaemon-4.1
(FTP: ftp.win.tue.nl or  
      ftp.informatik.uni-hamburg.de: /pub/security/tools/net/logdaemon).

        Uwe

Current thread:

Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
- <Possible follow-ups>
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
  - Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 03)
- Re: ruserok() & /etc/hosts.equiv Uwe Ellermann (May 04)
  - Re: ruserok() & /etc/hosts.equiv Wietse Venema (May 21)
  - AIX rlogind peter () freedom nmsu edu (May 21)
    - Re: AIX rlogind Peter Wemm (May 21)
    - Re: AIX rlogind Kevin Johnson (May 22)
    - Re: AIX rlogind Casper Dik (May 22)
    - Re: AIX rlogind Kevin Johnson (May 22)
    - Re: AIX rlogind Casper Dik (May 22)
    - Re: AIX rlogind Peter Wemm (May 22)
    - Re: AIX rlogind matthew green (May 22)
    - Re: AIX rlogind Paul A Vixie (May 23)

(Thread continues...)