hosts.equiv(5)
Name
hosts.equiv − list of trusted hosts
Description
The hosts.equiv file resides in the /etc directory and contains a list of trusted hosts. When an rlogin or rsh request from a host listed in the hosts.equiv file is made, and the initiator of the request has an entry in /etc/passwd, further validity checking is not required. Thus, rlogin does not prompt for a password, and rsh completes successfully. When a remote user is in the local hosts.equiv file, that user is defined as equivalenced to a local user with the same user ID.
The format of hosts.equiv is a list of names, as in:
host1
-host2
+@group1
-@group2
A line consisting of a host name means that anyone logging in from that host is trusted. A line consisting of a host name preceded by - means that anyone logging in from that host is not trusted. A line consisting of a single + means that all hosts are trusted.
Note
Placing a line consisting of a single + in your hosts.equiv file poses substantial security risks and is not recommended.
The +@ and -@ syntax is specific to Yellow Pages (YP). A line consisting of +@group means that all hosts in that network group (which is served by YP) are trusted. A line consisting of -@group means that hosts in that network group (which is served by YP) are not trusted. Programs scan the hosts.equiv file sequentially and stop when they encounter the appropriate entry (either positive for host name and +@ entries, or negative for -@ entries).
The hosts.equiv file has the same format as the .rhosts file. When a user executes rlogin or rsh, the .rhosts file from that user’s home directory is concatenated onto the hosts.equiv file for permission checking. The host names listed in the /etc/hosts.equiv and .rhosts files may optionally contain the local BIND domain name. For more information on BIND, see the Guide to the BIND/Hesiod Service. If a user is excluded by a minus entry from hosts.equiv but included in .rhosts, that user is considered trusted. In the special case when the user is root, only the .rhosts file is checked.
It is possible to have two entries on a single line. Separate the entries with a space. If the remote host is equivalenced by the first entry, the user named by the second entry is allowed to specify any name to the -l option (provided that name is in the /etc/passwd file). For example:
suez john
This entry allows John to log in from suez. The normal use would be to put this entry in the .rhosts file in the home directory for bill. Then, John can log in as bill when coming from suez without having to supply a password. The second entry can be a netgroup. For example:
+@group1 +@group2
This entry allows any user in group2 coming from a host in group1 to log in as anyone.
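The following Python program is an added example, not part of this manual page or of the rlogin/rsh implementation; it evaluates the trust rules described above (sequential scan that stops at a negative entry, +@/-@ netgroups, two-field lines, .rhosts consulted after hosts.equiv, root checked against .rhosts only) so an administrator can test a proposed file before installing it. It assumes an in-memory dictionary in place of the YP netgroup maps and /etc/passwd, and that a positive line whose user condition is not met is skipped rather than ending the scan.

```python
# Constructed stand-in for the YP netgroup maps: group -> (host members, user members).
NETGROUPS = {"group1": ({"suez", "nile"}, set()), "group2": (set(), {"john", "ann"})}
PASSWD_USERS = {"root", "bill", "john", "ann"}   # constructed /etc/passwd entries

def _matches(token, name, idx):
    """Does a host (idx 0) or user (idx 1) token name `name`? -> (matched, negative).
    Token forms from the page: name, -name, +, +@group, -@group."""
    negative = token.startswith("-")
    body = token[1:] if token[:1] in ("+", "-") else token
    if body == "":                     # bare "+" (or "-"): every host / user
        return True, negative
    if body.startswith("@"):           # netgroup served by YP
        return name in NETGROUPS.get(body[1:], (set(), set()))[idx], negative
    return body == name, negative

def scan(lines, host, ruser, luser):
    """Sequential scan of one file: True = trusted, False = stopped by a negative
    entry, None = no entry applied.  One field: ruser may become the local user of
    the same name.  Two fields: the named remote user may become any local user."""
    for raw in lines:
        fields = raw.split()
        if not fields:
            continue
        hit, neg = _matches(fields[0], host, 0)
        if not hit:
            continue
        if neg:
            return False               # negative entry: scanning stops here
        if len(fields) == 1:
            if ruser == luser:
                return True
        else:
            uhit, uneg = _matches(fields[1], ruser, 1)
            if uhit:
                return not uneg
    return None

def is_trusted(hosts_equiv, rhosts, host, ruser, luser):
    """Password-less access decision: hosts.equiv first (skipped for root), then
    the target user's .rhosts, which re-admits a host hosts.equiv denied."""
    if luser not in PASSWD_USERS:      # the -l name must exist in /etc/passwd
        return False
    if luser != "root" and scan(hosts_equiv, host, ruser, luser):
        return True
    return scan(rhosts, host, ruser, luser) is True

def wildcard_lines(lines):
    """Audit helper: 1-based line numbers whose host field is a bare '+'."""
    return [n for n, raw in enumerate(lines, 1) if raw.split()[:1] == ["+"]]
```

wildcard_lines flags the single + entry the Note above warns against, which is the first thing to check when reviewing an existing file.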
Files
/var/yp/domain/netgroup
/var/yp/domain/netgroup.byuser
/var/yp/domain/netgroup.byhost
See Also
rlogin(1c), rsh(1c), netgroup(5yp)
Guide to the BIND/Hesiod Service
Guide to the Yellow Pages Service