>This is different from .rhosts: If you leave off the username, it will
>accept any user.
Thanks for pointing that out. I didn't read the .rhosts man page
well enough.
I've updated the .amandahosts description in amanda(8) as follows:
.amandahosts
This is essentially the same as .rhosts authentication
except a different file, with almost the same format,
is used. This is the default mechanism built into
Amanda.
The format of the .amandahosts file is:
hostname [ username ]
If username is ommitted, it defaults to the user run-
ning amandad, i.e. the user listed in the inetd or
xinetd configuration file.
>... Reading the .rhosts manpage, I assumed any user would be
>accepted if I put only hostnames in there.
Which would be a truely insane thing to do :-) (in most situations).
That would allow anyone to run backups of your system, i.e. grab a tar
of your passwords.
>-Christoph Sold
John R. Jackson, Technical Software Specialist, [EMAIL PROTECTED]
