Administering user accounts

Setting remote access for a user

Remote access allows a user to log into another machine (where they have an identical account) without entering a password. This is also known as ``user equivalence''. When remote access is configured, the local system recognizes the equivalence between the two accounts.

This means remote access has two requirements:

the same account must exist on the local and remote systems
the account on the local system must have remote access configured (as described here)

NOTE: Remote access does not create an account on the remote system - you must do this yourself.

In the Account Manager, select a user name, then select Users Remote Access. Click on the Remote Access button.

To configure access, select an entry in the ``Other Hosts'' column and click on the Add button.
To remove access, select an entry in the ``Current Hosts'' column and click on the Remove button.
You can search for a specified host by entering the name in the ``Search for:'' field.

NOTE: To set up administrative remote access for system owners, see ``Using the SCOadmin Setup Wizard''.

About user equivalence

User equivalence allows a user to use rlogin(1tcp) to log in to an equivalent account on another host without entering a password. SCOadmin managers require this equivalence to allow you to manage other systems over the network using the Open Host selection. You can establish user equivalence between:

individual remote/local account pairs by using the Accounts Manager to alter a user's $HOME/.rhosts file to add the remote host and account
a remote account and all local accounts except root (and other non-individual accounts such as bin), by editing /etc/hosts.equiv to add the remote host and account
all accounts on a remote host and all local accounts except root (and other non-individual accounts) by editing /etc/hosts.equiv to add only the remote host name

NOTE: Entries in /etc/hosts.equiv can create large holes in system security. Be sparing in their use. In most circumstances, it is unwise to create entries that allow all users on remote hosts to access all accounts on your local host.

Configuring the files manually allows you to set equivalence between accounts with different logins. The simplest option is to use accounts with the same name as described in ``Setting remote access for a user''.

If there are entries in both .rhosts and /etc/hosts.equiv for the same host or host/account combination, the entry from /etc/hosts.equiv determines the extent of user equivalence. For more information, see rhosts(4tcp).