Mail Archives: cygwin/2002/10/25/18:55:24
Pierre is right. Without anything in the password field, I can rsh to
my machine as anyone without providing a password, without setting up
.rhosts files and without defining hosts.equiv.
With a value in the password field, I can still rsh, but only if I have
a .rhosts file set up and with permissions set to 644.
"Pierre A. Humblet" wrote:
>
> On Fri, Oct 25, 2002 at 03:23:11PM -0700, Andrew DeFaria wrote:
> > David Rothenberger wrote:
> >
> > >Check your /etc/passwd file and make sure there is no entry in the
> > >password field (the second field). You want something like this:
> > >
> > >someuser::11150:...
> > >
> > >and not something like this:
> > >
> > >someuser:unused_by_nt/2000/xp:11150:...
> > >
> > Wham! Good answer! It works!
>
> Yes, but you have no security.
> The cygwin mechanism that logs you in when the password is empty
> is the same as with .rhosts, and different from the one
> when providing a password.
> Thus it looks like your .rhosts isn't setup properly.
> Among other things it should only be writable by you.
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -