1 <?xml version="1.0" encoding='UTF-8'?>
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
3 "http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
5 <refentry id="pam_rhosts">
8 <refentrytitle>pam_rhosts</refentrytitle>
9 <manvolnum>8</manvolnum>
10 <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
13 <refnamediv id="pam_rhosts-name">
14 <refname>pam_rhosts</refname>
15 <refpurpose>The rhosts PAM module</refpurpose>
19 <cmdsynopsis id="pam_rhosts-cmdsynopsis">
20 <command>pam_rhosts.so</command>
24 <refsect1 id="pam_rhosts-description">
26 <title>DESCRIPTION</title>
29 This module performs the standard network authentication for services,
30 as used by traditional implementations of <command>rlogin</command>
31 and <command>rsh</command> etc.
34 The authentication mechanism of this module is based on the contents
35 of two files; <filename>/etc/hosts.equiv</filename> (or
36 and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
37 former file are treated as equivalent to the localhost. Secondly,
38 entries in the user's own copy of the latter file is used to map
39 "<emphasis>remote-host remote-user</emphasis>" pairs to that user's
40 account on the current host. Access is granted to the user if their
41 host is present in <filename>/etc/hosts.equiv</filename> and their
42 remote account is identical to their local one, or if their remote
43 account has an entry in their personal configuration file.
46 The module authenticates a remote user (internally specified by the
47 item <parameter>PAM_RUSER</parameter> connecting from the remote
48 host (internally specified by the item <command>PAM_RHOST</command>).
49 Accordingly, for applications to be compatible this authentication
50 module they must set these items prior to calling
51 <function>pam_authenticate()</function>. The module is not capable
52 of independently probing the network connection for such information.
56 <refsect1 id="pam_rhosts-options">
57 <title>OPTIONS</title>
61 <option>debug</option>
65 Print debug information.
71 <option>silent</option>
75 Don't print informative messages.
81 <option>superuser=<replaceable>account</replaceable></option>
85 Handle <replaceable>account</replaceable> as root.
92 <refsect1 id="pam_rhosts-types">
93 <title>MODULE TYPES PROVIDED</title>
95 Only the <option>auth</option> module type is provided.
99 <refsect1 id='pam_rhosts-return_values'>
100 <title>RETURN VALUES</title>
103 <term>PAM_AUTH_ERR</term>
106 The remote host, remote user name or the local user name
107 couldn't be determined or access was denied by
108 <filename>.rhosts</filename> file.
113 <term>PAM_USER_UNKNOWN</term>
116 User is not known to system.
123 <refsect1 id='pam_rhosts-examples'>
124 <title>EXAMPLES</title>
126 To grant a remote user access by <filename>/etc/hosts.equiv</filename>
127 or <filename>.rhosts</filename> for <command>rsh</command> add the
128 following lines to <filename>/etc/pam.d/rsh</filename>:
132 auth required pam_rhosts.so
133 auth required pam_nologin.so
134 auth required pam_env.so
135 auth required pam_unix.so
140 <refsect1 id='pam_rhosts-see_also'>
141 <title>SEE ALSO</title>
144 <refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
147 <refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
150 <refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
153 <refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
156 <refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
159 <refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
164 <refsect1 id='pam_rhosts-author'>
165 <title>AUTHOR</title>
167 pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk.de>