Trusted-host information

Users on trusted hosts are allowed to access the local system without supplying a password. You can include an optional user name to limit the authentication to a specific user on a specific host.

Use one of the following trusted-hosts files to specify remote hosts for rlogin, rsh, rcp, and rcmd remote-authentication:
  • hosts.equiv
  • The file that is specified by a database server's REMOTE_SERVER_CFG configuration parameter

Use trusted-hosts information only for client applications that do not supply a user account or password. If a client application supplies an invalid account name and password, the database server rejects the connection even if the trusted-host information contains an entry for the client computer.

To use trusted-host information for authentication, specify the s=1 or s=3 options in sqlhosts file entries. If you do not specify an s option, s=3 is the default.

On Windows, the trusted-host file is in the %WINDIR%\system32\drivers\etc directory.

On Linux and UNIX systems, the trusted-host file is in the $INFORMIXDIR/etc/ directory.

The hosts.equiv file has the following requirements:
  • It must be owned by user informix
  • It must belong to group informix
  • Permissions on the file must be restricted so that only user informix can modify the file. Using octal permissions, one of the following values is appropriate:
    • 644
    • 640
    • 444
    • 440
If you are using the hosts.equiv file and you use the rlogind daemon, you can execute the following statement on the client computer to determine whether the client is trusted:
rlogin hostname
If you log in successfully without receiving a password prompt, the client is trusted. This method of determining whether a client is trusted does not work when the file specified by the REMOTE_SERVER_CFG configuration parameter is used.

Trusted-host file entries

To avoid an extra DNS lookup, specify the host name both with and without the domain name. For example, if the trusted host is named host1 and it is in the domain example.com, then add the following entries to the trusted-host file:
#trustedhost       username
host1              informix
host1.example.com  informix
On some networks, the host name that a remote host uses to connect to a particular computer might not be the same as the host name that the computer uses to refer to itself. For example, the network host with the fully qualified domain name (FQDN) host2.example.com might refer to itself with the local host name viking. If this situation occurs, specify both host-name formats:
#trustedhost
host2.example.com
viking
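
The file requirements and entry conventions above can be checked with a short script. This Python audit is an added example, not part of the product documentation; the names audit_trusted_hosts and name_of are hypothetical, and it assumes a Linux or UNIX host and that # starts a comment, as in the sample entries.

```python
import grp
import os
import pwd
import stat

ALLOWED_MODES = {0o644, 0o640, 0o444, 0o440}  # octal values listed on this page


def name_of(lookup, ident):
    """Resolve a uid/gid to a name; fall back to the number if unmapped."""
    try:
        return lookup(ident)[0]
    except KeyError:
        return str(ident)


def audit_trusted_hosts(path, owner="informix", group="informix"):
    """Return a list of findings for a trusted-hosts file (empty list = clean)."""
    findings = []
    st = os.stat(path)
    if name_of(pwd.getpwuid, st.st_uid) != owner:
        findings.append(f"owner is not {owner}")
    if name_of(grp.getgrgid, st.st_gid) != group:
        findings.append(f"group is not {group}")
    mode = stat.S_IMODE(st.st_mode)
    if mode not in ALLOWED_MODES:
        findings.append(f"mode {mode:o} not in 644/640/444/440")

    entries = set()
    with open(path) as fh:
        for line in fh:
            fields = line.split("#", 1)[0].split()  # drop comments, split columns
            if not fields:
                continue
            host, user = fields[0], (fields[1] if len(fields) > 1 else None)
            entries.add((host, user))
            if user is None:
                findings.append(f"{host}: no user name, every user on host is trusted")

    # An FQDN entry should be paired with its short name (avoids an extra DNS lookup).
    for host, user in sorted(entries, key=str):
        is_ip = host.replace(".", "").isdigit()  # skip dotted numeric addresses
        if "." in host and not is_ip and (host.split(".", 1)[0], user) not in entries:
            findings.append(f"{host}: short name entry missing for same user")
    return findings
```

A host that refers to itself by an unrelated local name, such as viking in the example above, is still reported as missing a short-name entry and needs a manual check.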

Using the file specified by the REMOTE_SERVER_CFG configuration parameter instead of the hosts.equiv file

In the following situations, use the REMOTE_SERVER_CFG configuration parameter and the file that the parameter specifies:
  • You need different trusted hosts for the database server than those listed for the OS.
  • The security policies at your installation do not allow the use of hosts.equiv.
  • You are a user of a non-root server instance and need to control which hosts are trusted.

To add entries to the file specified by the REMOTE_SERVER_CFG configuration parameter, you can manually enter the information or you can run the admin() or task() function with the cdr add trustedhost argument. If you run the admin() or task() function with the cdr add trustedhost argument on a server in a high-availability cluster, the trusted-host information is added to the trusted-host files of all database servers in the cluster. Do not run the admin() or task() function with the cdr list trustedhost argument if you have manually entered trusted-host information on any of the database servers in a high-availability cluster or Enterprise Replication domain.


Copyright© 2018 HCL Technologies Limited