Big Bad Jon <jsz@netsys.com> reponds: > Define what you meant by ``ruserok denies access'' -- A '+' is supposed to allow any user from any host, and it doesn't. > As far as I can tell, ruserok() function, which is > defined in rcmd.o module of libc returns a ``0'' if > the machine name is listed in the ``hosts.equiv'' file > or the host and remote user name are found in the ``.rhosts'' > file; Otherwise it just returns a ``-1'', so having a ``+'' > in /etc/hosts.equiv means that ruserok in fact does NOT deny access. A '+' in my hosts.equiv file makes the routine return -1, regardless of .rhosts. While this is more secure than the expected behavior, I don't consider it correct behavior. Then again, really correct behavior wouldn't include calling this function in the first place. Walker