What's Acceptable In An ".rhosts" File?

".rhosts" files are used to log in from one machine to another without having to provide an account password. If you do not know what a .rhosts file is, and haven't run the command "new.dots" since November 23, 1993, but find one in your account after issuing the following command in your home directory

    % ls -las .rhosts

contact Academic Computing Services immediately. This is an indication that your account may have been compromised.

These files, for security reasons, are scanned at random intervals for logins not matching that of the user who owns the file. When a file is found where the login IDs do not match, several steps are taken to ensure that the account contained in the file does not belong to the user:

1. The gcos information is checked between the remote system and the AIX system. If there is a match, the account is left untouched; if there is no match, or insufficient information to make a match, the account is frozen.

2. The account owner's current status is checked (are they able to register at Cal Poly).

If the .rhosts contains any wild cards "+", it is frozen immediately, as these would allow any user or any site (depending on the definition) to use the account without requiring a password.

A non-match, mismatch, or wild card character will result in an automatic freeze on the account. Such occurrences indicate either account sharing, which is a violation of system policies, or a security breach within the account, in which case closing the breach with a freeze is a top priority. In either case the account will be frozen without warning.

To reduce the possibility of your account being frozen by this process, you should take the following steps:

1. Obtain an example .rhosts file set up for your account by using the system command "new.dots" (this is also a good opportunity to check that your dot files are up to date). This example is set up to handle the current cluster members as well as currently proposed cluster members which haven't been installed yet. (Doing this is optional.)

2. Document any sites you add to your .rhosts file and why you're adding them. This will give the systems programmers something to check when your account is flagged. Comments may be added on the line before, on the line after, or at the end of the added line, with a "#" character beginning the comment.

3. Keep your .rhosts file up to date. Delete any old entries. Delete the file when it is no longer needed.

4. Make sure that your "gcos" information matches on every system in your .rhosts file. This user name information should match and should contain enough information to identify you as a user (please refer to the "User Name Policies (Finger Name)" policy information available for AIX via the "policy" command or "gopher"). Unidentifiable users will have their account frozen.

5. Check your .rhosts often for entries that you didn't place there yourself. Such an entry is a sign that your account has been compromised. Record as much information about the file as you can and report it to "370admins@oboe.calpoly.edu".

If you have any further questions about .rhosts and the policy regarding account usage, please contact Academic Computing Services at 756-2516, Building 14 Room 115, or e-mail suggestions@oboe.calpoly.edu.
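
The self-check in step 5, written out as an added example (this is not Academic Computing Services' scanner). It flags the two conditions the policy names, a "+" wild card and a login that differs from the file owner's; the function name, host names and logins are made up, and it assumes each entry has the form "host [login]" with "#" comments as described above.

```python
from dataclasses import dataclass


@dataclass
class Finding:
    lineno: int   # 1-based line number in the .rhosts file
    entry: str    # the entry with any comment removed
    reason: str   # why the policy's scan would flag it


def audit_rhosts(text, owner):
    """Return Findings for entries with a "+" wild card or a foreign login."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # "#" begins a comment, on its own line or at the end of an entry.
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        fields = entry.split()
        host = fields[0]
        # Assumption: with no login field, the remote login equals the owner's.
        user = fields[1] if len(fields) > 1 else owner
        wild = [what for what, field in (("any site", host), ("any user", user))
                if field == "+"]
        if wild:
            reason = 'wild card "+" allows ' + " and ".join(wild)
            findings.append(Finding(lineno, entry, reason))
        elif user != owner:
            reason = f'login "{user}" does not match owner "{owner}"'
            findings.append(Finding(lineno, entry, reason))
    return findings


# Constructed sample file; every host and login here is invented.
SAMPLE = """\
# cluster members from new.dots
node1.example.edu
node2.example.edu jdoe   # same login on the second machine
lab.example.org jsmith   # a different login
+ jdoe
node3.example.edu +
"""

if __name__ == "__main__":
    for f in audit_rhosts(SAMPLE, owner="jdoe"):
        print(f"line {f.lineno}: {f.entry!r}: {f.reason}")
```

To check a real file, pass the contents of ~/.rhosts and your own login in place of SAMPLE and "jdoe".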