mirror of https://github.com/mkerrisk/man-pages
hosts.equiv.5: Tweak's to Carlos's patch
Signed-off-by: Michael Kerrisk <mtk.manpages@gmail.com>
This commit is contained in:
parent
427cee53f0
commit
9e7cff750b
|
@ -82,111 +82,90 @@ is added to the auth component line in your PAM file for
|
||||||
the particular service
|
the particular service
|
||||||
.RB "(e.g., " rlogin ).
|
.RB "(e.g., " rlogin ).
|
||||||
.SH EXAMPLE
|
.SH EXAMPLE
|
||||||
Here are some example
|
Below are some example
|
||||||
.I /etc/host.equiv
|
.I /etc/host.equiv
|
||||||
or
|
or
|
||||||
.I ~/.rhosts
|
.I ~/.rhosts
|
||||||
files:
|
files.
|
||||||
.TP
|
|
||||||
Allow any user to login from any host:
|
Allow any user to login from any host:
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
+
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Allow any user from host with a matching local account to login:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
host
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.PP
|
|
||||||
Note: The use of
|
|
||||||
.B +host
|
|
||||||
is never a valid syntax, including attempting to specify that any user from the host is allowed.
|
|
||||||
.TP
|
|
||||||
Allow any user from host to login:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
host +
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.PP
|
|
||||||
Note: This is distinct from the previous example since it does not require a matching local account.
|
|
||||||
.TP
|
|
||||||
Allow user from host to login:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
host user
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Allow all users with matching local accounts from host to login except for baduser:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.PD 0
|
|
||||||
.TP
|
|
||||||
host -baduser
|
|
||||||
.TP
|
|
||||||
host
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Deny all users from host:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
-host
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.PP
|
|
||||||
Note: The use of
|
|
||||||
.B -host -user
|
|
||||||
is never a valid syntax, including attempting to specify that a particular user from the host is not trusted.
|
|
||||||
.TP
|
|
||||||
Allow all users with matching local accounts in all hosts in the netgroup:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
+@netgroup
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Disallow all users in all hosts in the netgroup:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
-@netgroup
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Allow all users in netgroup to login from host:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.TP
|
|
||||||
host +@netgroup
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Allow all users with matching local accounts in all hosts in the netgroup except baduser:
|
|
||||||
.LP
|
|
||||||
.RS 4
|
|
||||||
.PD 0
|
|
||||||
.TP
|
|
||||||
+@netgroup -baduser
|
|
||||||
.TP
|
|
||||||
+@netgroup
|
|
||||||
.PD
|
|
||||||
.RE
|
|
||||||
.TP
|
|
||||||
Note: The deny statements must always preceed the allow statements because the file is processed one line at a time.
|
|
||||||
|
|
||||||
|
+
|
||||||
|
|
||||||
|
Allow any user from
|
||||||
|
.I host
|
||||||
|
with a matching local account to login:
|
||||||
|
|
||||||
|
host
|
||||||
|
|
||||||
|
Note: the use of
|
||||||
|
.I +host
|
||||||
|
is never a valid syntax,
|
||||||
|
including attempting to specify that any user from the host is allowed.
|
||||||
|
|
||||||
|
Allow any user from
|
||||||
|
.I host
|
||||||
|
to login:
|
||||||
|
|
||||||
|
host +
|
||||||
|
|
||||||
|
Note: this is distinct from the previous example
|
||||||
|
since it does not require a matching local account.
|
||||||
|
|
||||||
|
Allow
|
||||||
|
.I user
|
||||||
|
from
|
||||||
|
.I host
|
||||||
|
to login:
|
||||||
|
|
||||||
|
host user
|
||||||
|
|
||||||
|
Allow all users with matching local accounts from
|
||||||
|
.I host
|
||||||
|
to login except for
|
||||||
|
.IR baduser :
|
||||||
|
|
||||||
|
host \-baduser
|
||||||
|
host
|
||||||
|
|
||||||
|
Deny all users from
|
||||||
|
.IR host :
|
||||||
|
|
||||||
|
\-host
|
||||||
|
|
||||||
|
Note: the use of
|
||||||
|
.I "\-host\ \-user"
|
||||||
|
is never a valid syntax,
|
||||||
|
including attempting to specify that a particular user from the host
|
||||||
|
is not trusted.
|
||||||
|
|
||||||
|
Allow all users with matching local accounts on all hosts in a
|
||||||
|
.IR netgroup :
|
||||||
|
|
||||||
|
+@netgroup
|
||||||
|
|
||||||
|
Disallow all users on all hosts in a
|
||||||
|
.IR netgroup :
|
||||||
|
|
||||||
|
\-@netgroup
|
||||||
|
|
||||||
|
Allow all users in a
|
||||||
|
.I netgroup
|
||||||
|
to log in from
|
||||||
|
.IR host :
|
||||||
|
|
||||||
|
host +@netgroup
|
||||||
|
|
||||||
|
Allow all users with matching local accounts on all hosts in a
|
||||||
|
.I netgroup
|
||||||
|
except
|
||||||
|
.IR baduser :
|
||||||
|
|
||||||
|
+@netgroup \-baduser
|
||||||
|
+@netgroup
|
||||||
|
|
||||||
|
Note: the deny statements must always precede
|
||||||
|
because the file is processed one line at a time.
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
.BR rhosts (5),
|
.BR rhosts (5),
|
||||||
.BR rlogind (8),
|
.BR rlogind (8),
|
||||||
|
|
Loading…
Reference in New Issue