2 files changed, 299 insertions, 0 deletions
diff --git a/modules/pam_rhosts/pam_rhosts.8 b/modules/pam_rhosts/pam_rhosts.8
new file mode 100644
index 0000000..61e9a44
--- /dev/null
+++ b/modules/pam_rhosts/pam_rhosts.8
@@ -0,0 +1,128 @@
+'\" t
+.\"     Title: pam_rhosts
+.\"    Author: [see the "AUTHOR" section]
+.\" Generator: DocBook XSL Stylesheets v1.79.1 <http://docbook.sf.net/>
+.\"      Date: 09/03/2021
+.\"    Manual: Linux-PAM Manual
+.\"    Source: Linux-PAM Manual
+.\"  Language: English
+.\"
+.TH "PAM_RHOSTS" "8" "09/03/2021" "Linux-PAM Manual" "Linux\-PAM Manual"
+.\" -----------------------------------------------------------------
+.\" * Define some portability stuff
+.\" -----------------------------------------------------------------
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.\" http://bugs.debian.org/507673
+.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
+.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+.ie \n(.g .ds Aq \(aq
+.el       .ds Aq '
+.\" -----------------------------------------------------------------
+.\" * set default formatting
+.\" -----------------------------------------------------------------
+.\" disable hyphenation
+.nh
+.\" disable justification (adjust text to left margin only)
+.ad l
+.\" -----------------------------------------------------------------
+.\" * MAIN CONTENT STARTS HERE *
+.\" -----------------------------------------------------------------
+.SH "NAME"
+pam_rhosts \- The rhosts PAM module
+.SH "SYNOPSIS"
+.HP \w'\fBpam_rhosts\&.so\fR\ 'u
+\fBpam_rhosts\&.so\fR
+.SH "DESCRIPTION"
+.PP
+This module performs the standard network authentication for services, as used by traditional implementations of
+\fBrlogin\fR
+and
+\fBrsh\fR
+etc\&.
+.PP
+The authentication mechanism of this module is based on the contents of two files;
+/etc/hosts\&.equiv
+(or and
+~/\&.rhosts\&. Firstly, hosts listed in the former file are treated as equivalent to the localhost\&. Secondly, entries in the user\*(Aqs own copy of the latter file is used to map "\fIremote\-host remote\-user\fR" pairs to that user\*(Aqs account on the current host\&. Access is granted to the user if their host is present in
+/etc/hosts\&.equiv
+and their remote account is identical to their local one, or if their remote account has an entry in their personal configuration file\&.
+.PP
+The module authenticates a remote user (internally specified by the item
+\fIPAM_RUSER\fR
+connecting from the remote host (internally specified by the item
+\fBPAM_RHOST\fR)\&. Accordingly, for applications to be compatible this authentication module they must set these items prior to calling
+\fBpam_authenticate()\fR\&. The module is not capable of independently probing the network connection for such information\&.
+.SH "OPTIONS"
+.PP
+\fBdebug\fR
+.RS 4
+Print debug information\&.
+.RE
+.PP
+\fBsilent\fR
+.RS 4
+Don\*(Aqt print informative messages\&.
+.RE
+.PP
+\fBsuperuser=\fR\fB\fIaccount\fR\fR
+.RS 4
+Handle
+\fIaccount\fR
+as root\&.
+.RE
+.SH "MODULE TYPES PROVIDED"
+.PP
+Only the
+\fBauth\fR
+module type is provided\&.
+.SH "RETURN VALUES"
+.PP
+PAM_AUTH_ERR
+.RS 4
+The remote host, remote user name or the local user name couldn\*(Aqt be determined or access was denied by
+\&.rhosts
+file\&.
+.RE
+.PP
+PAM_USER_UNKNOWN
+.RS 4
+User is not known to system\&.
+.RE
+.SH "EXAMPLES"
+.PP
+To grant a remote user access by
+/etc/hosts\&.equiv
+or
+\&.rhosts
+for
+\fBrsh\fR
+add the following lines to
+/etc/pam\&.d/rsh:
+.sp
+.if n \{\
+.RS 4
+.\}
+.nf
+#%PAM\-1\&.0
+#
+auth     required       pam_rhosts\&.so
+auth     required       pam_nologin\&.so
+auth     required       pam_env\&.so
+auth     required       pam_unix\&.so
+      
+.fi
+.if n \{\
+.RE
+.\}
+.sp
+.SH "SEE ALSO"
+.PP
+\fBrootok\fR(3),
+\fBhosts.equiv\fR(5),
+\fBrhosts\fR(5),
+\fBpam.conf\fR(5),
+\fBpam.d\fR(5),
+\fBpam\fR(8)
+.SH "AUTHOR"
+.PP
+pam_rhosts was written by Thorsten Kukuk <kukuk@thkukuk\&.de>
diff --git a/modules/pam_rhosts/pam_rhosts.8.xml b/modules/pam_rhosts/pam_rhosts.8.xml
new file mode 100644
index 0000000..eb96371
--- /dev/null
+++ b/modules/pam_rhosts/pam_rhosts.8.xml
@@ -0,0 +1,171 @@
+<?xml version="1.0" encoding='UTF-8'?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
+	"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd">
+
+<refentry id="pam_rhosts">
+
+  <refmeta>
+    <refentrytitle>pam_rhosts</refentrytitle>
+    <manvolnum>8</manvolnum>
+    <refmiscinfo class="sectdesc">Linux-PAM Manual</refmiscinfo>
+  </refmeta>
+
+  <refnamediv id="pam_rhosts-name">
+    <refname>pam_rhosts</refname>
+    <refpurpose>The rhosts PAM module</refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis id="pam_rhosts-cmdsynopsis">
+      <command>pam_rhosts.so</command>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="pam_rhosts-description">
+
+    <title>DESCRIPTION</title>
+
+    <para>
+      This module performs the standard network authentication for services,
+      as used by traditional implementations of <command>rlogin</command>
+      and <command>rsh</command> etc.
+    </para>
+    <para>
+      The authentication mechanism of this module is based on the contents
+      of two files; <filename>/etc/hosts.equiv</filename> (or
+      and <filename>~/.rhosts</filename>. Firstly, hosts listed in the
+      former file are treated as equivalent to the localhost. Secondly,
+      entries in the user's own copy of the latter file is used to map
+      "<emphasis>remote-host remote-user</emphasis>" pairs to that user's
+      account on the current host. Access is granted to the user if their
+      host is present in <filename>/etc/hosts.equiv</filename> and their
+      remote account is identical to their local one, or if their remote
+      account has an entry in their personal configuration file.
+    </para>
+    <para>
+      The module authenticates a remote user (internally specified by the
+      item <parameter>PAM_RUSER</parameter> connecting from the remote
+      host (internally specified by the item <command>PAM_RHOST</command>).
+      Accordingly, for applications to be compatible this authentication
+      module they must set these items prior to calling
+      <function>pam_authenticate()</function>.  The module is not capable
+      of independently probing the network connection for such information.
+    </para>
+  </refsect1>
+
+  <refsect1 id="pam_rhosts-options">
+    <title>OPTIONS</title>
+    <variablelist>
+      <varlistentry>
+        <term>
+          <option>debug</option>
+        </term>
+        <listitem>
+          <para>
+            Print debug information.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>silent</option>
+        </term>
+        <listitem>
+          <para>
+            Don't print informative messages.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>
+          <option>superuser=<replaceable>account</replaceable></option>
+        </term>
+        <listitem>
+          <para>
+            Handle <replaceable>account</replaceable> as root.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="pam_rhosts-types">
+    <title>MODULE TYPES PROVIDED</title>
+    <para>
+      Only the <option>auth</option> module type is provided.
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_rhosts-return_values'>
+    <title>RETURN VALUES</title>
+    <variablelist>
+      <varlistentry>
+      <term>PAM_AUTH_ERR</term>
+        <listitem>
+          <para>
+            The remote host, remote user name or the local user name
+            couldn't be determined or access was denied by
+            <filename>.rhosts</filename> file.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term>PAM_USER_UNKNOWN</term>
+        <listitem>
+          <para>
+            User is not known to system.
+          </para>
+        </listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id='pam_rhosts-examples'>
+    <title>EXAMPLES</title>
+    <para>
+      To grant a remote user access by <filename>/etc/hosts.equiv</filename>
+      or <filename>.rhosts</filename> for <command>rsh</command> add the
+      following lines to <filename>/etc/pam.d/rsh</filename>:
+      <programlisting>
+#%PAM-1.0
+#
+auth     required       pam_rhosts.so
+auth     required       pam_nologin.so
+auth     required       pam_env.so
+auth     required       pam_unix.so
+      </programlisting>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_rhosts-see_also'>
+    <title>SEE ALSO</title>
+    <para>
+      <citerefentry>
+	<refentrytitle>rootok</refentrytitle><manvolnum>3</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>hosts.equiv</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>rhosts</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.conf</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam.d</refentrytitle><manvolnum>5</manvolnum>
+      </citerefentry>,
+      <citerefentry>
+	<refentrytitle>pam</refentrytitle><manvolnum>8</manvolnum>
+      </citerefentry>
+    </para>
+  </refsect1>
+
+  <refsect1 id='pam_rhosts-author'>
+    <title>AUTHOR</title>
+      <para>
+        pam_rhosts was written by Thorsten Kukuk &lt;kukuk@thkukuk.de&gt;
+      </para>
+  </refsect1>
+
+</refentry>