[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: permission problems (PAM?) with NC client users (fwd)

Robert Grunloh writes:
>I have a stock RH5 setup that we intend to use as a bootp server for some
>Network Computers. We installed the vendor's (Aranex) "Internet Client
>Software" as root, and the NC's boot up fine. Then we add users/passwords
>for these stations, but the logins consistantly fail when done at the
>NC's. They work fine when done as standard telnet sessions.
>The vendor specifically supports Linux as a server for these NC's (neat!),
>but they have no RedHat experience, they normally supply Slackware, and
>can't find what's wrong. We suspect the built-in security of their
>software setup is conflicting with the RH5 PAM security. Uninstalling PAM
>doesn't seem to be an option (?) but is there any way to configure some
>users to only have "regular" security from /etc/passwd and nothing more,
>or otherwise disable the use of PAM? Has anyone run into this before? 

Chances are they are trying to use rexec.  Remove the pam_pwdb.so and
pam_nologin.so lines from /etc/pam.d/rexec, and put in an
auth	sufficient	/lib/security/pam_rhosts_auth.so
line after the securetty.so line, and see if that helps.

We disable rexec by default using PAM because it has been the source
of system holes before that no one knew about because rexec is so
rarely used.  Rexec doesn't have a way to do password authentication.

I should probably change that a bit to a more sane /etc/pam.d/rexec
that is easier to enable/disable.


"Magazines all too frequently lead to books and should be regarded by the
 prudent as the heavy petting of literature."            -- Fran Lebowitz

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []