Path: utzoo!attcan!uunet!decwrl!sgi!vjs@rhyolite.wpd.sgi.com
From: vjs@rhyolite.wpd.sgi.com (Vernon Schryver)
Newsgroups: comp.sys.sgi
Subject: Re: 3.3.1 telnetd now broken for Multinet?
Message-ID: <73459@sgi.sgi.com>
Date: 27 Oct 90 18:16:38 GMT
References: <9010242024.AA18026@aero4.larc.nasa.gov> <4525@husc6.harvard.edu>
Sender: guest@sgi.sgi.com
Organization: Silicon Graphics, Inc., Mountain View, CA
Lines: 35

In article <4525@husc6.harvard.edu>, macferrin@slsvax.harvard.edu (Kurtis MacFerrin) writes:
> ...
> We still have a problem in using rlogin from vms using Multinet 2.1 to irix
> 3.3.1. The problem is that the user is always prompted for the password,
> despite the proper .rhosts entry. If anyone finds a fix for this, please post
> it to this group or mail me and I'll post it. Thanks.


The most common cause of .rhosts failures is that the machine name in the
.rhosts files is not the name of the machine determined by the system.

To test this, login by giving the password, and then examine the REMOTEHOST
environment variable (see environ(5), env(1), printenv(1)).  It contains
the system's idea of the remote system name, obtained first with
getpeername(2) and then gethostbyaddr(3N).  This means that the IRIS may
not have the same idea of remote system's name as you have.  The name will
be the first or canonical name, not one of the nicknames.  If the IRIS is
unable to resolve the IP address into a name, then REMOTEHOST will contain
the IP address.

The host name that is sought in the .rhosts file is the one determined as
described above, the one in REMOTEHOST.  I seem to recall that you can omit
the domain in .rhosts if it is the same as that of the local host.  You
can put raw IP addresses into .rhosts, for those hosts names that cannot
be resolved.

Computing the host name rather than believing what comes over the wire is a
security measure.

The REMOTEHOST and REMOTEUSER variables date from the days when the primary
IRIS networking was XNS.



Vernon Schryver,    vjs@sgi.com