Rexd enabled:

    grant|target|1|any|2	(non-root@target accessible to unpriv@anyhost)

Private .rhosts files:

    grant|target|ernie|remote	(ernie@target trusts ernie@remote)
    grant|target|ernie|remote|bert (ernie@target trusts bert@remote)
    grant|target|ernie|any|2	("+ +" in ~ernie/.rhosts)

Unrestricted home directory export:

    grant|target|1|any|0	(non-root@target accessible to root@anyhost)

Restricted home directory export:

    grant|target|2|remote	(unpriv@target accessible to unpriv@remote)
    grant|target|1|remote|0	(non-root@target accessible to root@remote)

Home directory import:

    grant|target|0|remote|0	(device special files enabled)

Wildcard in hosts.equiv:

    grant|target|1|any		(unpriv@target accessible to non-root@any)

Non-wildcard in hosts.equiv:

    grant|target|1|remote	(unpriv@target accessible to non-root@remote)

Non-privileged remote login: root@remote can use trojan horses or
network snoopers to steal the password.

    grant|target|ernie|remote|0	(ernie@target accessible to root@remote)

Remote is DNS server for the target: root@remote can subvert the
tables and exploit the target's hosts.equiv file.

    grant|target|1|remote|0	(non-root@target accessible to root@remote)

Remote is NIS server for the target: root@remote can subvert the
NIS tables and can then probably do anything.

    grant|target|0|remote	(root@target accessible to root@remote)
