Subject: Re: Problems with root and .rhosts
To: Brian Moore <>
From: Chris G. Demetriou <>
List: current-users
Date: 10/27/1994 00:20:49
> This isn't actually a bug report, so I didn't use send-pr to send this, but
> there seems to be an inconsistency between rlogind and rshd with respect to
> the .rhosts file for root.  I am attempting to allow rlogin for root on a
> NetBSD/i386 machine( iranistu ).  I can add a machine to root's .rhosts file
> and rsh will allow root to access the machine without a password.  When I try
> to rlogin into iranistu, I always will get back a prompt for the password.

I believe this was intentional; the authors of the code (CSRG, i
assume, maybe a contributor to them) wanted to allow rsh's, but _did
not_ want to allow remote logins automatically via .rhosts.  (At
least, that's the way i heard it, last time i asked.)

I'm not sure of the merit in this; it's security through (little)
obscurity, at best.  any reasonable cracker knows how to go
'fish'ing...  8-)