To what mail are you responding? What's you're suggesting here sounds an awful lot like the wrong answer to virtually any question: it's preferable not to use Berkeley remote execution facilities at all, preferring either Kerberised equivalents or ssh, or gluing together your own daemons to get a more granular security model than generic remote execution allows.
Trusting the world and turning on insecure services is a good way to get pwned by script kiddies from the Internet or within, so I'm curious to what question would warrant this reply? Am 17 Dec 2009 um 02:38 schrieb xhawk: > What version is your opensolaris? > > The trick is that because opensolaris is somewhat different from > solaris. > the default home of root in opensolaris is"/root", not "/". > > so the file .rhosts should be put in /root. > > By the way, you do not need the /etc/hosts.equiv in solaris 10 and > opensolaris 11. > > and the .rhosts format can be as simple as only a "+" : > > #echo "+">/root/.rhosts > > make sure the following services are enabled: > svc:/network/login:rlogin > svc:/network/shell:default > > IF not, enable them: > svcadm enable svc:/network/login:rlogin > svcadm enable svc:/network/shell:default > -- > This message posted from opensolaris.org > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
