Are clear-text r-protocols that use IP-based authentication disabled?
The BSD r-tools rely on IP-based authentication, which means that you can allow anyone with (for instance) root access on 192.168.1.1 to have root access on 192.168.1.2. Administrators and other users have traditionally found this useful, as it lets them connect from one host to another without having to retype a password. The .rhosts file contains the names of the accounts and machines that are considered to be trusted. The problem with IP-based authentication, however, is that an intruder can craft "spoofed" (faked) packets which claim to be from a trusted user on a trusted machine. Since the r-tools rely entirely on the IP address (and remote username) for authentication, a spoofed packet will be accepted as real. Some of your users, or possibly even other administrators of this machine, might not be aware of the security problems with the BSD r-tools. If this is the case, they might create .rhosts files that could allow crackers access to the machine. This option will disable the use of those r-tools both from your machine and as a means of logging into your machine.
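To see which accounts currently depend on this kind of trust, the following added example (not part of the original text) classifies every entry in an rhosts-style file and walks the home directories listed in a passwd file. The function names and severity labels are this example's own, and it assumes the usual `host [user]` line format with `+` as a wildcard and a leading `-` as a deny entry.

```shell
#!/bin/sh
# Added example: audit rhosts-style trust files before disabling the r-tools.
# Assumed line format: "host [user]"; "+" is a wildcard, a leading "-" denies.
# Function names and severity labels are this example's own.

# Print "<severity> <file>:<line> <reason>" for every entry in one file.
# Returns 0 if no entry grants trust, 1 if any does, 2 if unreadable.
audit_trust_file() {
    file=$1
    [ -r "$file" ] || return 2
    awk -v f="$file" '
        NF == 0 || $1 ~ /^#/ { next }    # skip blank lines and comments
        {
            host = $1; user = (NF >= 2) ? $2 : ""
            if (host ~ /^-/ || user ~ /^-/) {
                sev = "INFO"; why = "explicit deny entry"
            } else if (host == "+" && user == "+") {
                sev = "CRITICAL"; why = "any user on any host is trusted"
            } else if (host == "+") {
                sev = "CRITICAL"; why = "any host is trusted"
            } else if (user == "+") {
                sev = "HIGH"; why = "any user on " host " is trusted"
            } else {
                sev = "MEDIUM"
                why = "trusts " host (user != "" ? " user " user : "") " by source address"
            }
            printf "%s %s:%d %s\n", sev, f, NR, why
            if (sev != "INFO") bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$file"
}

# Audit the .rhosts file in each home directory named in a passwd file.
# Returns 1 if any file grants trust or cannot be read, otherwise 0.
scan_homes() {
    found=0
    while IFS=: read -r name pw uid gid gecos home shell; do
        [ -f "$home/.rhosts" ] || continue
        audit_trust_file "$home/.rhosts" || found=1
    done < "${1:-/etc/passwd}"
    return "$found"
}

# Usage: scan_homes; audit_trust_file /etc/hosts.equiv
```

Every line reported at MEDIUM or above is a login path that stops working once the r-tools are disabled, so the output doubles as a list of users to notify.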