Bayard Bell wrote: > To what mail are you responding? What's you're suggesting here sounds an > awful lot like the wrong answer to virtually any question: it's > preferable not to use Berkeley remote execution facilities at all, > preferring either Kerberised equivalents or ssh, or gluing together your > own daemons to get a more granular security model than generic remote > execution allows. > > Trusting the world and turning on insecure services is a good way to get > pwned by script kiddies from the Internet or within, so I'm curious to > what question would warrant this reply?
Agree - the below suggestion is wrong for almost all situations. It is horribly insecure, opening up root access to your system with no authentication at all is a recipe for disaster. Use ssh and setup shared keys if you need automated remote access. -Wyllys > > Am 17 Dec 2009 um 02:38 schrieb xhawk: > >> What version is your opensolaris? >> >> The trick is that because opensolaris is somewhat different from solaris. >> the default home of root in opensolaris is"/root", not "/". >> >> so the file .rhosts should be put in /root. >> >> By the way, you do not need the /etc/hosts.equiv in solaris 10 and >> opensolaris 11. >> >> and the .rhosts format can be as simple as only a "+" : >> >> #echo "+">/root/.rhosts >> >> make sure the following services are enabled: >> svc:/network/login:rlogin >> svc:/network/shell:default >> >> IF not, enable them: >> svcadm enable svc:/network/login:rlogin >> svcadm enable svc:/network/shell:default >> -- >> This message posted from opensolaris.org >> _______________________________________________ >> security-discuss mailing list >> security-discuss at opensolaris.org > > _______________________________________________ > security-discuss mailing list > security-discuss at opensolaris.org
