version 1.176, 2002/04/05 20:56:21 |
version 1.176.2.3, 2002/06/22 04:33:15 |
|
|
because it is fundamentally insecure, but can be enabled in the server |
because it is fundamentally insecure, but can be enabled in the server |
configuration file if desired. |
configuration file if desired. |
System security is not improved unless |
System security is not improved unless |
.Xr rshd 8 , |
.Nm rshd , |
.Xr rlogind 8 , |
.Nm rlogind , |
and |
and |
.Xr rexecd 8 |
.Xr rexecd |
are disabled (thus completely disabling |
are disabled (thus completely disabling |
.Xr rlogin 1 |
.Xr rlogin |
and |
and |
.Xr rsh 1 |
.Xr rsh |
into the machine). |
into the machine). |
.Pp |
.Pp |
.Ss SSH protocol version 2 |
.Ss SSH protocol version 2 |
|
|
.It Cm AFSTokenPassing |
.It Cm AFSTokenPassing |
Specifies whether an AFS token may be forwarded to the server. |
Specifies whether an AFS token may be forwarded to the server. |
Default is |
Default is |
.Dq yes . |
.Dq no . |
.It Cm AllowGroups |
.It Cm AllowGroups |
This keyword can be followed by a list of group name patterns, separated |
This keyword can be followed by a list of group name patterns, separated |
by spaces. |
by spaces. |
|
|
To use this option, the server needs a |
To use this option, the server needs a |
Kerberos servtab which allows the verification of the KDC's identity. |
Kerberos servtab which allows the verification of the KDC's identity. |
Default is |
Default is |
.Dq yes . |
.Dq no . |
.It Cm KerberosOrLocalPasswd |
.It Cm KerberosOrLocalPasswd |
If set then if password authentication through Kerberos fails then |
If set then if password authentication through Kerberos fails then |
the password will be validated via any additional local mechanism |
the password will be validated via any additional local mechanism |
|
|
user. The goal of privilege separation is to prevent privilege |
user. The goal of privilege separation is to prevent privilege |
escalation by containing any corruption within the unprivileged processes. |
escalation by containing any corruption within the unprivileged processes. |
The default is |
The default is |
.Dq no . |
.Dq yes . |
.It Cm VerifyReverseMapping |
.It Cm VerifyReverseMapping |
Specifies whether |
Specifies whether |
.Nm |
.Nm |