System Administration Guide: Security Services

ProcedureHow to Prevent Rhost-Style Access From Remote Systems With PAM

  1. Become superuser or assume an equivalent role.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

  2. Remove all of the lines that include from the PAM configuration file.

    This step prevents the reading of the ~/.rhosts files during an rlogin session. Therefore, this step prevents unauthenticated access to the local system from remote systems. All rlogin access requires a password, regardless of the presence or contents of any ~/.rhosts or /etc/hosts.equiv files.

  3. Disable the rsh service.

    To prevent other unauthenticated access to the ~/.rhosts files, remember to disable the rsh service.

    # svcadm disable network/shell