PAM for .rhosts check?

PAM for .rhosts check?

Post by Jim Dav » Thu, 18 Dec 1997 04:00:00



For our 2.5[.1] systems I cobbled together an awful shared-library
kludge to try to catch cases of plus signs in people's .rhosts files.
Looking through the 2.6 docs, it looks like the PAM modules should be
a cleaner way to do that -- has anyone tried something like that?

 
 
 

PAM for .rhosts check?

Post by Toomas Soom » Thu, 18 Dec 1997 04:00:00


: For our 2.5[.1] systems I cobbled together an awful shared-library
: kludge to try to catch cases of plus signs in people's .rhosts files.
: Looking through the 2.6 docs, it looks like the PAM modules should be
: a cleaner way to do that -- has anyone tried something like that?

just a litte suggestion: disable this rsh/rlogin crap.
install ssh with rsa keys..... and do not enable it's rsh compatibility
capabilities...

toomas soome
Tartu University, Estonia
--
Dignity is like a flag.
It flaps in a storm.
                -- Roy Mengot

 
 
 

PAM for .rhosts check?

Post by Casper H.S. Dik - Network Security Engine » Fri, 19 Dec 1997 04:00:00


[[ PLEASE DON'T SEND ME EMAIL COPIES OF POSTINGS ]]



>: For our 2.5[.1] systems I cobbled together an awful shared-library
>: kludge to try to catch cases of plus signs in people's .rhosts files.
>: Looking through the 2.6 docs, it looks like the PAM modules should be
>: a cleaner way to do that -- has anyone tried something like that?
>just a litte suggestion: disable this rsh/rlogin crap.

In Solaris 2.6, it's very simple to just disable .rhosts files by
commenting out the line:

rlogin  auth sufficient /usr/lib/security/pam_rhosts_auth.so.1
rsh     auth required   /usr/lib/security/pam_rhosts_auth.so.1

(And you might want to disable rsh totally).

Casper
--
Expressed in this posting are my opinions.  They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.