
Re: permission problems (PAM?) with NC client users (fwd)



Thanks Michael; but didn't help.  In fact, by playing around with what the
docs called the "promiscuous module" I was able to get it to where anyone
except root could login from any other box with no password given (and the
accounts did have passwords assigned), and still this Aranex box wouldn't
talk. So maybe it wasn't security after all.  So much to learn, so little
time ... ;-)

On Thu, 15 Jan 1998, Michael K. Johnson wrote:

> 
> Robert Grunloh writes:
> >I have a stock RH5 setup that we intend to use as a bootp server for some
> >Network Computers. We installed the vendor's (Aranex) "Internet Client
> >Software" as root, and the NC's boot up fine. Then we add users/passwords
> >for these stations, but the logins consistently fail when done at the
> >NC's. They work fine when done as standard telnet sessions.
> >
> >The vendor specifically supports Linux as a server for these NC's (neat!),
> >but they have no RedHat experience, they normally supply Slackware, and
> >can't find what's wrong. We suspect the built-in security of their
> >software setup is conflicting with the RH5 PAM security. Uninstalling PAM
> >doesn't seem to be an option (?) but is there any way to configure some
> >users to only have "regular" security from /etc/passwd and nothing more,
> >or otherwise disable the use of PAM? Has anyone run into this before? 
> 
> Chances are they are trying to use rexec.  Remove the pam_pwdb.so and
> pam_nologin.so lines from /etc/pam.d/rexec, and put in an
> auth	sufficient	/lib/security/pam_rhosts_auth.so
> line after the securetty.so line, and see if that helps.
> 
> We disable rexec by default using PAM because it has been the source
> of system holes before that no one knew about because rexec is so
> rarely used.  Rexec doesn't have a way to do password authentication.
> 
> I should probably change that a bit to a more sane /etc/pam.d/rexec
> that is easier to enable/disable.
> 
> michaelkjohnson
> 
> "Magazines all too frequently lead to books and should be regarded by the
>  prudent as the heavy petting of literature."            -- Fran Lebowitz
>                         http://www.amazon.com/exec/obidos/ISBN=0201308215
> 
> 
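
Added example, not part of the original messages: a small audit of a /etc/pam.d service file that reports when the auth stack can succeed without a password check, which is what both the pam_rhosts_auth.so edit and the "promiscuous module" experiment in this thread produce. The two sample files are constructed for illustration (they are not the real RH5 /etc/pam.d/rexec), and the set of password-checking modules is an assumption.

```python
import os
import re

# Modules that can pass the auth stack without a password being checked.
PASSWORDLESS = {
    "pam_permit.so": "always returns success",
    "pam_rhosts_auth.so": "trusts .rhosts/hosts.equiv instead of a password",
}
# Assumption: these are the password-checking modules on the audited host.
PASSWORD_MODULES = {"pam_pwdb.so", "pam_unix.so"}
# type, control (plain word or [bracketed] form), module path
RULE = re.compile(r"^\s*-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_rules(text):
    """Return (type, control, module basename) per rule of a pam.d service file."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.split("#", 1)[0])  # drop comments
        if m:
            rules.append((m.group(1), m.group(2), os.path.basename(m.group(3))))
    return rules

def audit_auth(text):
    """List reasons the auth stack could succeed with no password check."""
    findings, password_seen = [], False
    for mtype, control, module in parse_rules(text):
        if mtype != "auth":
            continue
        if module in PASSWORD_MODULES:
            password_seen = True
        elif module in PASSWORDLESS and control == "sufficient" and not password_seen:
            findings.append(f"{module} is 'sufficient' before any password "
                            f"module: {PASSWORDLESS[module]}")
    if not password_seen:
        findings.append("auth stack has no password-checking module")
    return findings

# Constructed samples: a password-checking stack, and one edited as the reply suggests.
STOCK = """\
auth  required    /lib/security/pam_securetty.so
auth  required    /lib/security/pam_pwdb.so
auth  required    /lib/security/pam_nologin.so
"""
EDITED = """\
auth  required    /lib/security/pam_securetty.so
auth  sufficient  /lib/security/pam_rhosts_auth.so
"""

if __name__ == "__main__":
    for name, text in (("stock", STOCK), ("edited", EDITED)):
        print(name, audit_auth(text) or "ok")
```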


