> > > That is a point that is also going into the summary. Its a shame, because > > > the r commands are useful at times. > > We have made it so we can use r commands with the password verification > > (ie. rlogin) turned on. We did this by getting the source to login and > > commenting out the call to see if it's a legitimate remote user. This > > bypasses the /etc/hosts.equiv and ~/.rhosts check. Unfortunately if > > you want /etc/hosts.equiv without ~/.rhosts, you have to modify the > > library call ruserok(). > Thats a thought. It precludes using them in any automated scripts, though. You're correct. We are working on a more secure way to do this. Another alternative would be to run tcp_wrapper around them. This means you would have to trust certain hosts, but it's better than nothing. Ciao, -- Richard Bainter Mundanely | System Analyst - OMG/CSD Pug Generally | Applied Research Labs - U.Texas pug@arlut.utexas.edu | pug@bga.com Note: The views may not reflect my employers, or even my own for that matter.