netgroup.byhost and netgroup.byuser maps

As noted in Files that NIS Ignores, NIS uses these two maps automatically. However, you can configure two other system files to reference these maps, specifically, the /etc/hosts.equiv file and the /.rhosts file. Doing so can help you control remote logins more effectively.

For example, you can edit the /etc/hosts.equiv file and add a single line, with only the + (plus) character on it. This allows anyone to log into the machine because all further entries are retrieved from NIS rather than the local file. Or, for more control over logins, add a list of trusted hosts to the /etc/hosts.equiv file. For example:

+@trusted_group1
+@trusted_group2
-@distrusted_group

The names to the right of the @ (at sign) should be netgroup names defined in the netgroup map.

You can also add a list of trusted hosts to the /.rhosts file. For example:

+@trusted_group1
+@trusted_group2
-@distrusted_group

Because this file controls remote root access to the local machine, unrestricted access is not recommended. You cannot use aliases for host names in the /.rhosts, hosts.equiv, or netgroup files, because they all enable local machines to access remote machines. You can, however, use aliases for host names in the /etc/hosts file.