Chapter 4
where terminal is the terminal name and user is the user name from the terminal (root is automatically used if security is disabled; guest is automatically used if security is enabled and auto login as guest is selected).
In addition, the terminal optionally supports both Kerberos authentication and DES data encryption for RSH commands, although the X protocol packets for an X application will not go through the DES data encryption layer.
Secure Shell
This is an additional method for using the X Manager with RSH. The distribution includes the shell rshsecure, which is designed to provide a more secure way of handling RSH requests. rshsecure also lets users run shell scripts, such as those invoked from an XDM session on an X terminal. The remainder of this section describes how to configure your server for use with the rshsecure shell.
Start by creating a new account. For security reasons, make sure this account is not the superuser account.
As root, create a .rhosts file for this user, and make sure the ownership of the .rhosts file is changed (chown) to this user. In the .rhosts file, add one entry for every terminal/user pair you want to go through rshsecure. For example, if you are using your terminals as “security disabled” and you are using DHCP, you can put every DHCP IP address in the .rhosts file with the user name being root. After saving the .rhosts file and using chown to assign ownership, make sure it is writable only by the user and not by anyone else (chmod 644 .rhosts).
Change the login shell for the account to the rshsecure program. Specify it by its full path name, which depends on where you installed it.
Note
On Linux, the included rshsecure binary uses libc5.
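The account, .rhosts and login-shell steps above can be checked after the fact with a few shell functions. This is an added example, not part of the manual or the rshsecure distribution; the function names are hypothetical, and the wildcard check relies on the standard rhosts rule that a leading + in a field matches any host or any user.

```shell
#!/bin/sh
# Added example (not vendor code): checks for the rshsecure account setup above.

# audit_passwd_line LINE - LINE is the account's passwd(5) entry.
audit_passwd_line() {
    uid=$(printf '%s\n' "$1" | cut -d: -f3)
    shell=$(printf '%s\n' "$1" | cut -d: -f7)
    rc=0
    [ "$uid" != 0 ] || { echo "FAIL: account is the superuser (UID 0)"; rc=1; }
    case $shell in
        /*/rshsecure|/rshsecure) ;;
        *) echo "FAIL: login shell '$shell' is not a full path to rshsecure"; rc=1 ;;
    esac
    return $rc
}

# audit_owner_only FILE OWNER - FILE must belong to OWNER (name or numeric UID)
# and have no group/other write bit, as chmod 644 leaves it.
audit_owner_only() {
    [ -f "$1" ] || { echo "FAIL: $1 is missing"; return 1; }
    rc=0
    [ -n "$(find "$1" -prune -user "$2" 2>/dev/null)" ] ||
        { echo "FAIL: $1 is not owned by $2"; rc=1; }
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \))" ] ||
        { echo "FAIL: $1 is writable by group or others"; rc=1; }
    return $rc
}

# audit_rhosts FILE - each entry must be a "terminal user" pair; a leading '+'
# in either field is an rhosts wildcard (any host / any user) and is rejected.
audit_rhosts() {
    rc=0
    while read -r host user extra || [ -n "$host" ]; do
        case $host in ''|'#'*) continue ;; esac
        if [ -z "$user" ] || [ -n "$extra" ]; then
            echo "FAIL: not a terminal/user pair: $host $user $extra"; rc=1
        fi
        case "$host $user" in
            +*|*' +'*) echo "FAIL: wildcard entry: $host $user"; rc=1 ;;
        esac
    done < "$1"
    return $rc
}
```

Pass audit_passwd_line the account's line from the password database, and run audit_owner_only on each file in the login directory that must stay writable by its owner only.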
Determine the set of commands you will be allowing your users to run and create the file rshsecure.cfg in the login directory for this user. Again, make sure that it is not writable by anyone except the owner. Lines starting with the pound sign (#) are treated as comments. The first