User Equivalence
User equivalence makes use of a standard UNIX feature: the /etc/hosts.equiv and $HOME/.rhosts files. These files grant permission for remote users to use local user names without knowing the corresponding user passwords. It is known as user equivalence because the remote user effectively becomes equivalent to the local user. It is convenient, for example, when one person has user-ids on a number of hosts.
Note
User equivalence cannot be used for terminal connections to the UNIX environment. In this case, the user must enter the appropriate password.
If a user's home directory contains a file named .rhosts, remote users specified in the file are equivalent to the local user. Each user specification in the file consists of the remote host name and user name, separated by a space.
Example:
A local user with the id tsmith has a .rhosts file containing the line:
sys1 rjones
This means that user rjones on sys1 can connect to the local system as user tsmith. Other users on sys1, however, cannot connect (though they may be allowed to connect as one or more other users).
If the user-id is omitted, the user-ids on the two systems must be the same.
The /etc/hosts.equiv file is the global equivalent of .rhosts. In effect, when a user attempts a remote login, the hosts.equiv file is appended to his or her .rhosts file.
Refer to your UNIX documentation for more information about the /etc/hosts.equiv and $HOME/.rhosts files.
In UNIX-Connect, the user name is supplied in the DDA Connect message and the host name is derived from the PLId by means of the PLIDHOSTS file.
Note
- This form of system security must be specifically enabled by starting the session manager with the -x option. This can be specified by editing the file /etc/init.d/rcs. The change will take effect when the session manager is next re-started. If user equivalence is disabled, all remote users must supply passwords when connecting.
  Note, however, that remote users who have entries in the USERS-FILE on their local host will be able to connect without entering a user password, whether or not user equivalence is enabled.
- UNIX-Connect user equivalence is only available on UNIX V.4 and similar operating systems; for example, Solaris and AIX.
The PLIDHOSTS File
The PLIDHOSTS file (/etc/PLIDHOSTS-FILE) is used to derive, from the PLId, the host name required for the user equivalence check described above. It is a text file and can be created with any ASCII text editor. Each line of the file must be in the form:
PLId hostname
where PLId is a valid PLId, and hostname is the host name that appears in the .rhosts or hosts.equiv file (that is, the name of the remote host that generates that PLId). For example:
SLAN-0000b9000012-1234 sys1
Note that, if required, you can use a partial PLId, by omitting one or more complete fields from the end of the PLId. For example, the following are all valid PLIds:
SLAN
SLAN-0000b9000012
SLAN-0000b9000012-1234
but the following are not:
0000b9000012            (First field of PLId is missing.)
SLAN-0000b9             (Ethernet address is incomplete.)
SLAN-1234               (Ethernet address is missing.)
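The lookup chain described above (PLId to host name via PLIDHOSTS, then host and user against .rhosts) is sketched below as an added example; it is not UNIX-Connect code. Assumptions: the PLId field shapes are inferred from the valid and invalid examples above, a partial PLId entry is taken to match by longest whole-field prefix, and the function names and the hosts sys2, sys9, bad1 and bad2 are constructed for illustration.

```python
import re

# Assumed PLId shape, inferred from the page's valid/invalid examples:
# NAME[-<12 hex digit Ethernet address>[-<suffix>]], trailing fields optional.
PLID_RE = re.compile(r"^[A-Za-z]\w*(-[0-9A-Fa-f]{12}(-\w+)?)?$")

def parse_plidhosts(text):
    """Return ({plid: hostname}, [rejected lines]) from PLIDHOSTS-style text."""
    table, rejected = {}, []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) == 2 and PLID_RE.match(fields[0]):
            table[fields[0]] = fields[1]
        else:
            rejected.append(line)  # malformed PLId or wrong field count
    return table, rejected

def host_for_plid(table, plid):
    """Map a full PLId to a host; longest whole-field prefix wins (assumed rule)."""
    parts = plid.split("-")
    for n in range(len(parts), 0, -1):
        host = table.get("-".join(parts[:n]))
        if host:
            return host
    return None

def is_equivalent(equiv_text, host, remote_user, local_user):
    """Check 'host [user]' lines; with no user given, the two names must match."""
    for line in equiv_text.splitlines():
        fields = line.split()
        if fields and fields[0] == host:
            if (fields[1] if len(fields) > 1 else local_user) == remote_user:
                return True
    return False

# Constructed sample files, built around the page's example values.
PLIDHOSTS = ("SLAN-0000b9000012-1234 sys1\nSLAN sys9\n"
             "SLAN-0000b9 bad1\n0000b9000012 bad2\n")
TSMITH_RHOSTS = "sys1 rjones\nsys2\n"

def may_connect(plid, remote_user, local_user="tsmith"):
    """True if the remote user behind this PLId is equivalent to local_user."""
    table, _ = parse_plidhosts(PLIDHOSTS)
    host = host_for_plid(table, plid)
    return host is not None and is_equivalent(
        TSMITH_RHOSTS, host, remote_user, local_user)
```

Running parse_plidhosts over a real PLIDHOSTS file and reviewing the rejected list is a quick way to spot entries that can never map to a host.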