User equivalence is a state which allows a particular user or group
of users to access the accounts of another user or group of users,
where this second group is usually on a different machine. This
access is done without the use of any authentication, such as
passwords.
User equivalence is used as follows. If user alpha on machine m1 is
equivalenced to user alpha and user beta on machine m2, then the
following commands work from alpha's account on m1 without
specifying any passwords:
    rlogin m2
        logs into m2 as user alpha.
    rlogin m2 -l beta
        logs into m2 as user beta.
    rcmd m2 who
        will execute the who command on machine m2 as user alpha.
    rcmd m2 -l beta who
        will execute the who command on machine m2 as user beta.
Also, note the following:
    rcp filename m2:filename2
        requires user equivalence of user alpha on m1 for user alpha
        on m2.
    rcp filename beta@m2:filename2
        requires user equivalence of user alpha on m1 for user beta
        on m2.
-----
There are two files which control this access. The first is
.rhosts in the home directory of the user whose account is affected.
The format of the .rhosts file is:
    <machine> <user>
The user is optional.
The other file is /etc/hosts.equiv. The format is identical to that
of the .rhosts file, but usually only the <machine> portion is used.
For example, suppose user alpha on machine m1 wants to allow user
alpha on machine m2 to access her account without the use of a
password. User alpha, on m1, would create a file called .rhosts in
her home directory with the line:
    m2 alpha
If alpha wanted to also allow the user delta on m2 and gamma on m3
to access her account without a password, the .rhosts file in
alpha's home directory would read:
    m2 alpha
    m2 delta
    m3 gamma
If alpha also wanted ALL users on machine m4 to access her account
without a password, the .rhosts file would read:
    m2 alpha
    m2 delta
    m3 gamma
    m4
Suppose that the System Administrator of machine m1 wanted to allow
all users on machine m5 to access their own accounts on machine m1.
This would be accomplished by adding the following line to the
/etc/hosts.equiv file on m1:
    m5
Thus user beta on machine m5 could access user beta on m1 without
the need for a password.
Note that /etc/hosts.equiv does not work for the user root. If you
wish to access the root user on m1 from m2 without a password, you
must set up a .rhosts file in the / directory on m1, with:
    m2 root
Or, if you want a user other than root on m2 to access root on
machine m1 without a password:
    m2 <user>
Note that users on the machines with their own .rhosts file *must*
have a password assigned. Also, if the System Administrator has
configured a /etc/hosts.equiv file, the users on that system must
have a password assigned in order to make use of the
/etc/hosts.equiv file. Finally, the .rhosts file in a
particular user's home directory must be owned by that user and have
its permissions set to 600.
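An added example (not part of the original article): a Python check that parses a .rhosts file in the <machine> <user> format above and reports a host-only line, a non-root remote user listed in root's file, and an owner or mode other than the required 600. The function names are this example's own, and skipping '#' comment lines is an assumption the article does not cover.

```python
import os
import stat
import tempfile

# The article's four-line .rhosts for alpha, reused as sample input.
SAMPLE = "m2 alpha\nm2 delta\nm3 gamma\nm4\n"


def parse_entries(text):
    """Return (machine, user) pairs; user is None when the field is omitted."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Assumption: blank lines and '#' comment lines carry no entry.
        if not fields or fields[0].startswith("#"):
            continue
        entries.append((fields[0], fields[1] if len(fields) > 1 else None))
    return entries


def audit_rhosts(path, local_user, owner_uid):
    """Return findings for the .rhosts file that grants access to local_user."""
    findings = []
    st = os.stat(path)
    if st.st_uid != owner_uid:
        findings.append("owner: not owned by %s" % local_user)
    mode = stat.S_IMODE(st.st_mode)
    if mode != 0o600:
        findings.append("mode: %03o, expected 600" % mode)
    with open(path) as fh:
        for machine, user in parse_entries(fh.read()):
            if user is None:
                findings.append("broad: %s has no user field" % machine)
            elif local_user == "root" and user != "root":
                findings.append("root: %s@%s may act as root" % (user, machine))
    return findings


def demo():
    """Audit SAMPLE written to a scratch file with a deliberately loose mode."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, ".rhosts")
        with open(path, "w") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_rhosts(path, "alpha", os.getuid())


if __name__ == "__main__":
    print("\n".join(demo()))
```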
Please note that "root" cannot make use of /etc/hosts.equiv, i.e.
it MUST use .rhosts.
Only non-privileged users can make use of /etc/hosts.equiv, and it is
recommended to use the fully qualified domain name of the server in
this file for the commands to work.
NOTE:
For UnixWare7, please use "rsh" rather than "rcmd".
SEE ALSO:
Technical Article 107726, entitled "rcp and rcmd fail report a 'Bad Hertz Value'
message."