hosts.equiv(5)
Name
hosts.equiv - list of trusted hosts
Description
The file resides in the directory and contains a list of trusted hosts.
When an or request from a host listed in the file is made, and the
initiator of the request has an entry in further validity checking is not
required. Thus, does not prompt for a password, and completes
successfully. When a remote user is in the local file, that user is defined
as equivalenced to a local user with the same user ID.
The format of is a list of names, as in:
host1
-host2
+@group1
-@group2
A line consisting of a host name means that anyone logging in from that
host is trusted. A line consisting of a host name preceded by - means
that anyone logging in from that host is not trusted. A line
consisting of a single + means that all hosts are trusted. Placing a line
consisting of a single + in your file poses substantial security risks
and is not recommended.
The +@ and -@ syntaxes are specific to Yellow Pages (YP). A line
consisting of +@group means that all hosts in that network group (which is
served by YP) are trusted. A line consisting of -@group means that
hosts in that network group (which is served by YP) are not trusted.
Programs scan the file sequentially and stop when they encounter the
appropriate entry (either positive for host name and +@ entries, or
negative for -@ entries).
The file has the same format as the file. When a user executes or the
file from that user's home directory is concatenated onto the file for
permission checking. The host names listed in the and files may
optionally contain the local BIND domain name. For more information on
BIND, see the Guide to the BIND/Hesiod Service. If a user is excluded
by a minus entry from but included in that user is considered trusted.
In the special case when the user is root, only the file is checked.
It is possible to have two entries on a single line. Separate the
entries with a space. If the remote host is equivalenced by the first
entry, the user named by the second entry is allowed to specify any
name to the option (provided that name is in the file). For example:
suez john
This entry allows John to log in from suez. The normal use would be to
put this entry in the file in the home directory for bill. Then, John
can log in as bill when coming from suez without having to supply a
password. The second entry can be a netgroup. For example:
+@group1 +@group2
This entry allows any user in group2 coming from a host in group1 to
log in as anyone.
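An audit of the entry forms described above, as an added example that is not part of the original manual page. The function names and the sample input are constructed for illustration, and treating a deny entry that follows a single + as shadowed is a reading of the sequential-scan rule stated above.

```python
# Added example (not from the man page): audit trusted-host entries.
SAMPLE = """\
host1
-host2
+@group1
+
-@group2
suez john
+@group1 +@group2
"""  # constructed input built from the page's own example entries

def classify(token):
    """Map one entry to (kind, trusted, name) using the forms on this page."""
    if token == "+":
        return ("all-hosts", True, None)
    if token.startswith("+@"):
        return ("netgroup", True, token[2:])
    if token.startswith("-@"):
        return ("netgroup", False, token[2:])
    if token.startswith("-"):
        return ("host", False, token[1:])
    return ("host", True, token)

def audit(text):
    """Return (line_number, severity, message) findings for risky entries."""
    findings = []
    wildcard_at = None  # line of the first bare "+", if any
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split()
        if not fields:
            continue
        kind, trusted, _ = classify(fields[0])
        if wildcard_at and not trusted:
            # Sequential scan: the earlier "+" already matches every host.
            findings.append((lineno, "warn", f"deny entry after '+' on line {wildcard_at}"))
        if kind == "all-hosts":
            wildcard_at = wildcard_at or lineno
            findings.append((lineno, "high", "single '+' trusts all hosts"))
        if len(fields) == 2 and trusted:
            # Second entry names who may log in under any local name.
            who = classify(fields[1])
            subject = f"netgroup {who[2]}" if who[0] == "netgroup" else f"user {who[2]}"
            findings.append((lineno, "high", f"{subject} may log in under any name"))
        elif len(fields) > 2:
            findings.append((lineno, "warn", "more than two entries on one line"))
    return findings

if __name__ == "__main__":
    for lineno, severity, message in audit(SAMPLE):
        print(f"line {lineno}: [{severity}] {message}")
```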
Files
/var/yp/domain/netgroup
/var/yp/domain/netgroup.byuser
/var/yp/domain/netgroup.byhost
See Also
rlogin(1c), rsh(1c), netgroup(5yp)
Guide to the BIND/Hesiod Service
Guide to the Yellow Pages Service