HOSTS.EQUIV(5)                                                  HOSTS.EQUIV(5)
NAME
hosts.equiv - list of trusted hosts
DESCRIPTION
Hosts.equiv resides in directory /etc and contains a list of trusted
hosts. When an rlogin(1) or rsh(1) request from such a host is made,
and the initiator of the request is in /etc/passwd, then no further
validity checking is done. That is, rlogin does not prompt for a
password, and rsh completes successfully. So a remote user is
``equivalenced'' to a local user with the same user ID when the remote
user is in hosts.equiv.
The format of hosts.equiv is a list of names, as in this example:
     host1
     host2
     +@group1
     -@group2
A line consisting of a simple host name means that anyone logging in
from that host is trusted. A line consisting of +@group means that all
hosts in that network group are trusted. A line consisting of -@group
means that hosts in that group are not trusted. Programs scan
hosts.equiv linearly, and stop at the first hit (either positive for
hostname and +@ entries, or negative for -@ entries). A line
consisting of a single + means that everyone is trusted.
The .rhosts file has the same format as hosts.equiv. When user XXX
executes rlogin or rsh, the .rhosts file from XXX's home directory is
conceptually concatenated onto the end of hosts.equiv for permission
checking. However, -@ entries are not sticky. If a user is excluded
by a minus entry from hosts.equiv but included in .rhosts, then that
user is considered trusted. In the special case when the user is root,
then only the /.rhosts file is checked.
It is also possible to have two entries (separated by a single space)
on a line of these files. In this case, if the remote host is
equivalenced by the first entry, then the user named by the second
entry is allowed to log in as anyone, that is, specify any name to the
-l flag (provided that name is in the /etc/passwd file, of course).
Thus
     sundown john
allows john to log in from sundown as anyone. The usual usage would be
to put this entry in the .rhosts file in the home directory for bill.
Then john may log in as bill when coming from sundown. The second
entry may be a netgroup, thus
     +@group1 +@group2
allows any user in group2 coming from a host in group1 to log in as
anyone.
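The following added example (not part of the original manual page, and not the rlogin/rsh code itself) models the checks described above so that the effect of a given hosts.equiv and .rhosts pair can be reviewed, including the non-sticky -@ case. Assumptions: netgroups are simplified to a name-to-members mapping, a lone + in the host position matches any host, and a host match whose user does not qualify lets the scan continue; the function names are hypothetical.

```python
# Added example: simplified model of the checks described on this page.
# netgroups maps a group name to a set of member names (constructed data).

def match(entry, name, netgroups):
    """True = positive hit, False = negative hit, None = entry does not apply."""
    if entry == "+":
        return True                           # assumption: lone + matches anything
    if entry[:2] in ("+@", "-@"):
        if name not in netgroups.get(entry[2:], ()):
            return None
        return entry[0] == "+"
    return True if entry == name else None

def scan(lines, rhost, ruser, luser, netgroups):
    """Scan one file linearly; the first hit decides the result for that file."""
    for line in lines:
        fields = line.split()
        if not fields:
            continue
        host_hit = match(fields[0], rhost, netgroups)
        if host_hit is None:
            continue
        if host_hit is False:
            return False                      # -@ hit: stop, host not trusted
        if len(fields) == 1 and ruser == luser:
            return True                       # same-name equivalence
        if len(fields) > 1 and match(fields[1], ruser, netgroups):
            return True                       # second entry: log in as anyone
    return None

def is_trusted(rhost, ruser, luser, equiv, rhosts, netgroups):
    """equiv / rhosts are lists of lines from hosts.equiv and luser's .rhosts."""
    if luser != "root" and scan(equiv, rhost, ruser, luser, netgroups):
        return True                           # root: only /.rhosts is checked
    # A negative hit in hosts.equiv is not sticky: .rhosts is still consulted.
    return scan(rhosts, rhost, ruser, luser, netgroups) is True

EQUIV = ["host1", "host2", "+@group1", "-@group2"]   # example from this page
GROUPS = {"group1": {"hostA"}, "group2": {"hostB"}}  # constructed membership

if __name__ == "__main__":
    print(is_trusted("hostB", "alice", "alice", EQUIV, [], GROUPS))         # False
    print(is_trusted("hostB", "alice", "alice", EQUIV, ["hostB"], GROUPS))  # True
    print(is_trusted("sundown", "john", "bill", EQUIV, ["sundown john"], GROUPS))  # True
```

The second call shows why a -@ line in hosts.equiv cannot be relied on alone: any user's .rhosts can re-admit the excluded host.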
FILES
/etc/hosts.equiv
SEE ALSO
rlogin(1), rsh(1), netgroup(5)
1 February 1985 HOSTS.EQUIV(5)