Xref: utzoo comp.unix.shell:746 alt.sys.sun:1832 alt.security:1706
Path: utzoo!attcan!uunet!wuarchive!emory!att!cbnewse!danj1
From: Dan_Jacobson@ATT.COM
Newsgroups: comp.unix.shell,alt.sys.sun,alt.security
Subject: Re: ~/.rhosts: put my username in there too?
Message-ID: <1990Oct28.074642.6337@cbnewse.att.com>
Date: 28 Oct 90 07:46:42 GMT
Sender: danj1@cbnewse.att.com (Dan Jacobson)
Reply-To: danj1@ihlpa.att.com
Organization: AT&T-BL, Naperville IL, USA
Lines: 34

I've got 3 responses [Ed K., Jeff L., Mike M.].  My experience:

bob@beep$ cat ~/.rhosts
peep

pam@peep$ rlogin -l bob beep
Password: <--see, it asked pam for a password, so bob doesn't need to
say "peep bob" in his .rhosts file to keep pam out, as some folks
suggested. Saying just "peep" there worked fine.

[SunOS 4.0.3, nothing in /etc/hosts.equiv or /.rhosts. pam and bob
don't know root passwd.  "man rhosts" doesn't seem to contradict the
above. "man rhosts" says the 2nd field is optional, in contrast to
"man rlogin".]

Apparently the only use is if bob is called bob1 on peep, and bob on
peep is somebody else.  Then this would make sense,

bob@beep$ cat ~/.rhosts
peep bob1

...both keeping bob@peep out of bob@beep's account, and letting bob1@peep
login into bob@beep without a password.  All well and good.

But I see no case where
NAME1@host1$ cat ~/.rhosts
host2 NAME1

increases security, or changes anything.  [Same NAME1, both in the
user's name (represented by their prompt here), and in their 2nd
~/.rhosts field] [I'm talking about regular users throughout this
article, not root, etc.]
-- 
Dan_Jacobson@ATT.COM  Naperville IL USA  +1 708-979-6364