Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
To: cygwin AT cygwin DOT com
X-Injected-Via-Gmane: http://gmane.org/
Path: not-for-mail
From: Andrew DeFaria <ADeFaria AT Salira DOT com>
Subject: Re: Problem with rsh
Date: Fri, 25 Oct 2002 16:06:55 -0700
Lines: 41
Message-ID: <3DB9CE8F.1090003@Salira.com>
References: <3DB9AD4E DOT 10407 AT Salira DOT com> <3DB9C013 DOT CF6CF751 AT acm DOT org> <3DB9C44F DOT 2060606 AT Salira DOT com> <20021025224810 DOT GA282137 AT WORLDNET>
NNTP-Posting-Host: 206.184.204.2
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: main.gmane.org 1035587172 7606 206.184.204.2 (25 Oct 2002 23:06:12 GMT)
X-Complaints-To: usenet AT main DOT gmane DOT org
NNTP-Posting-Date: Fri, 25 Oct 2002 23:06:12 +0000 (UTC)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en, ru, zh

Pierre A. Humblet wrote:

> On Fri, Oct 25, 2002 at 03:23:11PM -0700, Andrew DeFaria wrote:
>
>> David Rothenberger wrote:
>>
>>> Check your /etc/passwd file and make sure there is no entry in the
>>> password field (the second field). You want something like this:
>>>
>>> someuser::11150:...
>>>
>>> and not something like this:
>>>
>>> someuser:unused_by_nt/2000/xp:11150:...
>>>
>> Wham! Good answer! It works!
>
> Yes, but you have no security.

Security is not as much a concern behind our firewall.

> The cygwin mechanism that logs you in when the password is empty is 
> the same as with .rhosts, and different from the one when providing a 
> password. Thus it looks like your .rhosts isn't setup properly. Among 
> other things it should only be writable by you.

My .rhosts is:

$ ls -l ~/.rhosts
-rw-r--r--    1 adefaria Domain U     1637 Oct  4 12:21 
/home/adefaria/.rhosts

And consists of a list of hostnames in the local intranet followed by my 
user ID. As admin I should be able to rsh to any other machine. Still 
with this rsh fails with permission denied unless /etc/passwd's password 
field is blanked. That, in essense, was my problem.

Now if you can describe how I can set it up to be a little more secure 
I'd try to configure it but as it apparently stands the intended 
security (i.e. using a ~/.rhosts file) is not working correctly.




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/