From c9e8288e3498c7429f0fcf7f8500def163d0aa3b Mon Sep 17 00:00:00 2001
From: obrien <obrien@FreeBSD.org>
Date: Wed, 17 Dec 2003 22:38:57 +0000
Subject: Document what the PAM believers failed to do (and should have), which
 is how to rsh as root into a machine.

---
 libexec/rshd/rshd.8 | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'libexec')

diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8
index b06cca9..42a6c58 100644
--- a/libexec/rshd/rshd.8
+++ b/libexec/rshd/rshd.8
@@ -247,6 +247,15 @@ environment.
 A facility to allow all data exchanges to be encrypted should be
 present.
 .Pp
+Post-PAM, FreeBSD also needs the following patch applied besides
+properly configuring
+.Pa .rhosts .
+ --- etc/pam.d/rsh.orig  Wed Dec 17 14:36:20 2003
+ +++ etc/pam.d/rsh       Wed Dec 17 14:30:43 2003
+ @@ -9 +9 @@
+ -auth	required	pam_rhosts.so	no_warn
+ +auth	required	pam_rhosts.so	no_warn	allow_root
+.Pp
 A more extensible protocol (such as Telnet) should be used.
 .Sh HISTORY
 IPv6 support was added by WIDE/KAME project.
-- 
cgit v1.1