Document what the PAM believers failed to do (and should have),

which is how to rsh as root into a machine.
2003-12-17 22:38:57 +00:00 · 2003-12-17 22:38:57 +00:00 · c9e8288e34
commit c9e8288e34
parent ecc9efa2f1
1 changed files with 9 additions and 0 deletions
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@ -247,6 +247,15 @@ environment.
 A facility to allow all data exchanges to be encrypted should be
 present.
 .Pp
+Post-PAM, FreeBSD also needs the following patch applied besides
+properly configuring
+.Pa .rhosts .
+ --- etc/pam.d/rsh.orig  Wed Dec 17 14:36:20 2003
+ +++ etc/pam.d/rsh       Wed Dec 17 14:30:43 2003
+ @@ -9 +9 @@
+ -auth	required	pam_rhosts.so	no_warn
+ +auth	required	pam_rhosts.so	no_warn	allow_root
+.Pp
 A more extensible protocol (such as Telnet) should be used.
 .Sh HISTORY
 IPv6 support was added by WIDE/KAME project.