hosts.equiv(5)                File Formats Manual                hosts.equiv(5)

Name
    hosts.equiv - list of trusted hosts

Description
    The file resides in the directory and contains a list of trusted hosts. When an or request from a host listed in the file is made, and the initiator of the request has an entry in further validity checking is not required. Thus, does not prompt for a password, and completes successfully. When a remote user is in the local file, that user is defined as equivalenced to a local user with the same user ID.

    The format of is a list of names, as in:

        host1
        -host2
        +@group1
        -@group2

    A line consisting of a host name means that anyone logging in from that host is trusted. A line consisting of a host name preceded by - means that anyone logging in from that host is not trusted. A line consisting of a single + means that all hosts are trusted. Placing a line consisting of a single + in your file poses substantial security risks and is not recommended.

    The +@ and -@ syntax is specific to Yellow Pages (YP). A line consisting of +@group means that all hosts in that network group (which is served by YP) are trusted. A line consisting of -@group means that hosts in that network group (which is served by YP) are not trusted. Programs scan the file sequentially and stop when they encounter the appropriate entry (either positive for host name and +@ entries, or negative for -@ entries).

    The file has the same format as the file. When a user executes or the file from that user's home directory is concatenated onto the file for permission checking. The host names listed in the and files may optionally contain the local BIND domain name. For more information on BIND, see the Guide to the BIND/Hesiod Service. If a user is excluded by a minus entry from but included in that user is considered trusted. In the special case when the user is root, only the file is checked.

    It is possible to have two entries on a single line. Separate the entries with a space. If the remote host is equivalenced by the first entry, the user named by the second entry is allowed to specify any name to the option (provided that name is in the file). For example:

        suez john

    This entry allows John to log in from suez. The normal use would be to put this entry in the file in the home directory for bill. Then, John can log in as bill when coming from suez without having to supply a password. The second entry can be a netgroup. For example:

        +@group1 +@group2

    This entry allows any user in group2 coming from a host in group1 to log in as anyone.

Files
    /var/yp/domain/netgroup
    /var/yp/domain/netgroup.byuser
    /var/yp/domain/netgroup.byhost

See Also
    rlogin(1c), rsh(1c), netgroup(5yp)
    Guide to the BIND/Hesiod Service
    Guide to the Yellow Pages Service

hosts.equiv(5)
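
The entry forms described above can be reviewed mechanically before a file is deployed. The following lint is an added example, not part of the original manual page; the function names, severity labels and sample input are this example's own assumptions, and the warning about deny entries placed after a single + is this example's reading of the sequential-scan rule.

```python
# Added example: lint for trusted-host entries in the format described above.
# Function names and severity labels are assumptions of this example.

def classify(token):
    """Map one entry to (kind, name, trusted)."""
    if token == "+":
        return ("all", None, True)
    if token[:2] in ("+@", "-@"):
        return ("netgroup", token[2:], token[0] == "+")
    if token.startswith("-"):
        return ("name", token[1:], False)
    return ("name", token, True)


def audit(text):
    """Return a list of (line_number, severity, message) findings."""
    findings, wildcard_line = [], None
    for number, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split()
        if not tokens:
            continue
        if len(tokens) > 2:  # the page describes at most two entries per line
            findings.append((number, "ERROR", "more than two entries on a line"))
            continue
        kind, name, trusted = classify(tokens[0])
        if wildcard_line and not trusted:
            findings.append((number, "WARN",
                             f"deny entry after '+' on line {wildcard_line} may never be reached"))
        if kind == "all":
            wildcard_line = wildcard_line or number
            findings.append((number, "HIGH", "'+' trusts all hosts"))
        elif kind == "netgroup" and trusted:
            findings.append((number, "MEDIUM", f"trust delegated to YP netgroup '{name}'"))
        if len(tokens) == 2 and trusted:
            ukind, uname, utrusted = classify(tokens[1])
            if utrusted and ukind != "name":
                findings.append((number, "HIGH", "matching remote users may log in as anyone"))
            elif utrusted:
                findings.append((number, "MEDIUM", f"user '{uname}' may choose the local login name"))
    return findings


# Constructed sample input, not taken from a real system.
SAMPLE = "host1\n-host2\n+@group1\nsuez john\n+@group1 +@group2\n+\n-@group2\n"

if __name__ == "__main__":
    for line, severity, message in audit(SAMPLE):
        print(f"line {line}: {severity}: {message}")
```
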