Re: ruserok() & /etc/hosts.equiv

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: RayK: "Debate interuption - New firewalls book"
• Previous message: Big Bad Jon: "Re: ruserok() & /etc/hosts.equiv"
• In reply to: Big Bad Jon: "Re: ruserok() & /etc/hosts.equiv"
• Next in thread: Carl Corey: "Re: ruserok() & /etc/hosts.equiv"

Big Bad Jon <jsz@netsys.com> reponds:
> Define what you meant by ``ruserok denies access'' --

A '+' is supposed to allow any user from any host, and it doesn't.

> As far as I can tell, ruserok() function, which is
> defined in rcmd.o module of libc returns a ``0'' if
> the machine name is listed in the ``hosts.equiv'' file
> or the host and remote user name are found in the ``.rhosts'' 
> file; Otherwise it just returns a ``-1'', so having a ``+''
> in /etc/hosts.equiv means that ruserok in fact does NOT deny access.

A '+' in my hosts.equiv file makes the routine return -1, regardless of
.rhosts.  While this is more secure than the expected behavior, I don't
consider it correct behavior.  Then again, really correct behavior wouldn't
include calling this function in the first place.

Walker

• Next message: RayK: "Debate interuption - New firewalls book"
• Previous message: Big Bad Jon: "Re: ruserok() & /etc/hosts.equiv"
• In reply to: Big Bad Jon: "Re: ruserok() & /etc/hosts.equiv"
• Next in thread: Carl Corey: "Re: ruserok() & /etc/hosts.equiv"