
Re: Briefly

On Fri, 20 Sep 1996, Andrew G. Morgan wrote:

> If there is any information not present at
> 	http://parc.power.net/morgan/Linux-PAM/index.html
> 	[ or at, http://www.redhat.com/pam ]
> That is available elsewhere, I would like to have a pointer to it! Thanks..

I've already checked both sources (which looked mostly to have the same
information anyway).

So, on to my question then. :-)

I'm running PAM-aware rlogind and rshd (v0.50-7; from the rembrandt
distribution).  I'm trying to configure rlogin and rsh to permit trusted
login to my host on our internal network.  My pam.conf file looks like
this (at least these are the relevant bits):

# login authorization
login	auth		required	/lib/security/pam_securetty.so	
login	auth		sufficient	/lib/security/pam_rhosts_auth.so	
login	auth		required	/lib/security/pam_unix_auth.so	
login	account		required	/lib/security/pam_unix_acct.so	
login	password	required	/lib/security/pam_passwd+.so	
login	session		required	/lib/security/pam_unix_session.so	

# rexec authorization
rexec	auth		required	/lib/security/pam_securetty.so	
rexec	auth		sufficient	/lib/security/pam_rhosts_auth.so	
rexec	auth		required	/lib/security/pam_unix_auth.so	
rexec	account		required	/lib/security/pam_unix_acct.so	

# rlogin authorization
rlogin	auth		required	/lib/security/pam_securetty.so	
rlogin	auth		sufficient	/lib/security/pam_rhosts_auth.so	
rlogin	auth		required	/lib/security/pam_unix_auth.so	
rlogin	account		required	/lib/security/pam_unix_acct.so	
rlogin	password	required	/lib/security/pam_passwd+.so	
rlogin	session		required	/lib/security/pam_unix_session.so	

# rsh authorization
rsh	auth		required	/lib/security/pam_securetty.so	
rsh	auth		sufficient	/lib/security/pam_rhosts_auth.so	
rsh	account		required	/lib/security/pam_unix_acct.so	
rsh	session		required	/lib/security/pam_unix_session.so	

I originally started testing with +@netgroup entries in /etc/hosts.equiv.
Now I'm just testing with +.  Regardless, I'm always prompted for a
password.  I've tried commenting out all but the 'sufficient' entries for
rhosts files, and I simply get 'login failed' errors.

I've added the 'debug' option at the end of the lines (all of them), set up
syslog to log 'debug' level messages, and yet I get nothing but a simple
line like the following in my logfile:

Sep 20 12:24:32 pc05 rlogind[7821]: PAM authentication failed for in.rlogind
Sep 20 12:24:58 pc05 syslogd 1.3-0: restart.
Sep 20 13:39:39 pc05 rshd[8139]: -l functionality has been moved to pam_rhosts_auth in /etc/pam.conf

(And no, I don't have rshd started up with -l in the inetd.conf file.)

I've checked ruserok() with a simple C program, and it consistently returns
0 (for trusted), but it doesn't seem that the pam rhosts module uses
ruserok() for its check.

Originally I suspected that the problem might be with me running in an NIS
environment, but even when I just use +, I still don't get authenticated.
Am I missing something?  Can anyone offer me a clue?  I have to wonder if
it really isn't some kind of NIS problem that I'm missing.


Steve Ferguson                   | Altair Computing, Inc.
Systems Analyst                  | Troy, MI 48084
E-mail: stf@altair.com           | USA
WWW: http://www.altair.com/      | 810/614-2400
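
Added example, not part of the original message and not Linux-PAM's own code: a small evaluator for the rlogin auth stack quoted above, using the documented control-flag rules for required, requisite and sufficient. The module results passed in are constructed inputs, and the helper names (parse, evaluate, RLOGIN_AUTH) are hypothetical.

```python
# Added example (not from the original post): Linux-PAM control-flag evaluation.
# The rlogin auth lines as they appear in the post's pam.conf.
PAM_CONF = """\
rlogin auth required   /lib/security/pam_securetty.so
rlogin auth sufficient /lib/security/pam_rhosts_auth.so
rlogin auth required   /lib/security/pam_unix_auth.so
"""

def parse(text):
    """Return {(service, type): [(control, module), ...]} in file order."""
    stacks = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue  # blank, comment-only, or malformed line
        service, mtype, control, path = fields[:4]
        module = path.rsplit("/", 1)[-1]
        stacks.setdefault((service.lower(), mtype), []).append((control, module))
    return stacks

def evaluate(stack, results):
    """results: module -> True for PAM_SUCCESS, False otherwise (constructed inputs).
    Returns (authenticated, modules_consulted)."""
    required_failed = False
    any_success = False
    consulted = []
    for control, module in stack:
        ok = results[module]
        consulted.append(module)
        if control in ("required", "requisite"):
            if not ok:
                required_failed = True
                if control == "requisite":
                    break  # a requisite failure ends the stack at once
            else:
                any_success = True
        elif control == "sufficient" and ok and not required_failed:
            return True, consulted  # later modules are never called
        # Simplification: a failed 'sufficient' and any 'optional' result
        # are treated as not deciding the outcome.
    return any_success and not required_failed, consulted

RLOGIN_AUTH = parse(PAM_CONF)[("rlogin", "auth")]
```

With this ordering, pam_unix_auth (the password prompt) is skipped only when pam_securetty has passed and pam_rhosts_auth returns success; a stack reduced to the single sufficient line fails outright when that module fails.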
