This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Problem with rsh


Pierre is right.  Without anything in the password field, I can rsh to
my machine as anyone without providing a password, without setting up
.rhosts files and without defining hosts.equiv.

With a value in the password field, I can still rsh, but only if I have
a .rhosts file set up and with permissions set to 644.

"Pierre A. Humblet" wrote:
> 
> On Fri, Oct 25, 2002 at 03:23:11PM -0700, Andrew DeFaria wrote:
> > David Rothenberger wrote:
> >
> > >Check your /etc/passwd file and make sure there is no entry in the
> > >password field (the second field).  You want something like this:
> > >
> > >someuser::11150:...
> > >
> > >and not something like this:
> > >
> > >someuser:unused_by_nt/2000/xp:11150:...
> > >
> > Wham! Good answer! It works!
> 
> Yes, but you have no security.
> The cygwin mechanism that logs you in when the password is empty
> is the same as with .rhosts, and different from the one
> when providing a password.
> Thus it looks like your .rhosts isn't setup properly.
> Among other things it should only be writable by you.

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]