-# $OpenBSD: Makefile,v 1.49 2014/03/19 21:10:27 tedu Exp $
+# $OpenBSD: Makefile,v 1.50 2014/04/19 18:39:51 tedu Exp $
# $NetBSD: Makefile,v 1.14 1995/05/11 23:13:15 cgd Exp $
MAN= acct.5 ar.5 bsd.port.mk.5 bsd.port.arch.mk.5 bsd.regress.mk.5 \
changelist.5 core.5 \
defaultdomain.5 dir.5 disktab.5 elf.5 ethers.5 fbtab.5 files.conf.5 \
fs.5 fstab.5 genassym.cf.5 group.5 hostname.if.5 \
- hosts.equiv.5 hosts.5 intro.5 login.conf.5 mixerctl.conf.5 \
+ hosts.5 intro.5 login.conf.5 mixerctl.conf.5 \
mk.conf.5 moduli.5 motd.5 myname.5 netgroup.5 networks.5 passwd.5 \
pf.conf.5 pf.os.5 port-modules.5 printcap.5 protocols.5 \
ranlib.5 remote.5 resolv.conf.5 rpc.5 ruby-module.5 \
spamd.conf.5 sysctl.conf.5 utmp.5 wsconsctl.conf.5
MLINKS= dir.5 dirent.5 fs.5 inode.5 utmp.5 wtmp.5 utmp.5 lastlog.5
-MLINKS+= hosts.equiv.5 .rhosts.5
MLINKS+= resolv.conf.5 resolver.5 resolv.conf.5 resolv.conf.tail.5
MLINKS+= passwd.5 master.passwd.5
MLINKS+= myname.5 mygate.5
+++ /dev/null
-.\" $OpenBSD: hosts.equiv.5,v 1.14 2014/04/18 22:04:54 jmc Exp $
-.\"
-.\" Copyright (c) 1997 Todd Vierling
-.\" Copyright (c) 1997 The NetBSD Foundation, Inc.
-.\" All rights reserved.
-.\"
-.\" This code is derived from software contributed to The NetBSD Foundation
-.\" by Todd Vierling <tv@pobox.com>.
-.\"
-.\" Redistribution and use in source and binary forms, with or without
-.\" modification, are permitted provided that the following conditions
-.\" are met:
-.\" 1. Redistributions of source code must retain the above copyright
-.\" notice, this list of conditions and the following disclaimer.
-.\" 2. Redistributions in binary form must reproduce the above copyright
-.\" notice, this list of conditions and the following disclaimer in the
-.\" documentation and/or other materials provided with the distribution.
-.\" 3. All advertising materials mentioning features or use of this software
-.\" must display the following acknowledgement:
-.\" This product includes software developed by the NetBSD
-.\" Foundation, Inc. and its contributors.
-.\" 4. Neither the name of The NetBSD Foundation nor the names of its
-.\" contributors may be used to endorse or promote products derived
-.\" from this software without specific prior written permission.
-.\"
-.\" THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-.\" ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-.\" TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-.\" BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-.\" CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-.\" SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-.\" INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-.\" CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-.\" POSSIBILITY OF SUCH DAMAGE.
-.\"
-.Dd $Mdocdate: April 18 2014 $
-.Dt HOSTS.EQUIV 5
-.Os
-.Sh NAME
-.Nm hosts.equiv ,
-.Nm .rhosts
-.Nd trusted remote hosts and host-user pairs
-.Sh DESCRIPTION
-The
-.Nm hosts.equiv
-and
-.Nm .rhosts
-files list hosts and users which are
-.Dq trusted
-by the local host when a connection is made via
-a server that uses
-.Xr ruserok 3 .
-This mechanism bypasses password checks, and is required for access via
-.Xr rsh 1 .
-.Pp
-Each line of these files has the format:
-.Bd -unfilled -offset indent
-hostname [username]
-.Ed
-.Pp
-The
-.Ar hostname
-may be specified as a host name (typically a fully qualified host
-name in a DNS environment) or address,
-.Ar +@netgroup
-(from which only the host names are checked),
-or a
-.Sq +
-wildcard (allow all hosts).
-.Pp
-The
-.Ar username ,
-if specified, may be given as a user name on the remote host,
-.Ar +@netgroup
-(from which only the user names are checked),
-or a
-.Sq +
-wildcard (allow all remote users).
-.Pp
-If a
-.Ar username
-is specified, only that user from the specified host may log in to the
-local machine.
-If a
-.Ar username
-is not specified, any user may log in with the same user name.
-.Sh FILES
-.Bl -tag -width /etc/hosts.equiv -compact
-.It Pa /etc/hosts.equiv
-global trusted host-user pairs list
-.It Pa ~/.rhosts
-per-user trusted host-user pairs list
-.El
-.Sh EXAMPLES
-.Bl -ohang -compact
-.It Li somehost
-A common usage; users on
-.Ar somehost
-may log in to the local host as the same user name.
-.Pp
-.It Li somehost username
-The user
-.Ar username
-on
-.Ar somehost
-may log in to the local host.
-If specified in
-.Pa /etc/hosts.equiv ,
-the user may log in with only the same user name.
-.Pp
-.It Li +@anetgroup username
-The user
-.Ar username
-may log in to the local host from any machine listed in the netgroup
-.Ar anetgroup .
-.Pp
-.It +
-.It + +
-Two severe security hazards.
-In the first case, allows a user on any
-machine to log in to the local host as the same user name.
-In the second
-case, allows any user on any machine to log in to the local host (as any
-user, if in
-.Pa /etc/hosts.equiv ) .
-.El
-.Sh SEE ALSO
-.Xr rsh 1 ,
-.Xr rcmd 3 ,
-.Xr ruserok 3 ,
-.Xr netgroup 5
-.Sh HISTORY
-The
-.Nm .rhosts
-file format appeared in
-.Bx 4.2 .
-.Sh CAVEATS
-The user name checks provided by this mechanism are
-.Em not
-secure, as the remote user name is received by the server unchecked
-for validity.
-Therefore this mechanism should only be used
-in an environment where all hosts are completely trusted.
-.Pp
-A numeric host address instead of a host name can help security
-considerations somewhat; the address is then used directly by
-.Xr iruserok 3 .
-.Pp
-When a user name (or netgroup, or
-.Sq + )
-is specified in
-.Pa /etc/hosts.equiv ,
-that user (or group of users, or all users, respectively) may log in to
-the local host as
-.Em any local user .
-Usernames in
-.Pa /etc/hosts.equiv
-should therefore be used with extreme caution, or not at all.
-.Pp
-A
-.Pa .rhosts
-file must be owned by the user whose home directory it resides in, and
-must be writable only by that user.
-.Pp
-Logins as root only check root's
-.Pa .rhosts
-file; the
-.Pa /etc/hosts.equiv
-file is not checked for security.
-Access permitted through root's
-.Pa .rhosts
-file is typically only for
-.Xr rsh 1 .
-.Sh BUGS
-The
-.Xr ruserok 3
-implementation currently skips negative entries (preceded with a
-.Sq \&-
-sign) and does not treat them as
-.Dq short-circuit
-negative entries.
projects / openbsd / commitdiff