How to Prevent Rhost-Style Access From Remote Systems <meta http-equiv="refresh" content="0;url='http://www.oracle.com/pls/topic/lookup?ctx=solaris11'"> With PAM (System Administration Guide: Security Services)

System Administration Guide: Security Services

How to Prevent Rhost-Style Access From Remote Systems With PAM

Become superuser or assume an equivalent role.

Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

Remove all of the lines that include rhosts_auth.so.1 from the PAM configuration file.

This step prevents the reading of the ~/.rhosts files during an rlogin session. Therefore, this step prevents unauthenticated access to the local system from remote systems. All rlogin access requires a password, regardless of the presence or contents of any ~/.rhosts or /etc/hosts.equiv files.

Disable the rsh service.

To prevent other unauthenticated access to the ~/.rhosts files, remember to disable the rsh service.
# svcadm disable network/shell

© 2010, Oracle Corporation and/or its affiliates