1. Enable rlogin
In the latest versions of Solaris Rlogin comes disabled by default. To enable it you have to use Service Control System:
svcs enable svc:/network/inetd:default
svcs enable svc:/network/login:rlogin
2. Secure rlogin
If you do not need the .rhosts file, delete them from the users home directory. This file has server names and ip addresses from where the user can login without being asked for a password, this means a security risk.
The same risk exists if a hostname is listed in /etc/hosts.equiv, this file is like a “global .rhosts” file and if an ip address or hostname is in that file, any login from those machine is not going to request a password. The file /etc/hosts.equiv can also specify a username, in the form:
10.10.10.45 walter
Or just an ip address:
10.10.10.45
It is possible to disable the $HOME/.rhosts and /etc/hosts.equiv files, globaly by commenting a line in /etc/pam.conf.
The line to comment is:
#rlogin auth sufficient pam_rhosts_auth.so.1
No user commented in " Enable and secure rlogin in Solaris "
Follow-up comment rss or Leave a TrackbackLeave A Reply