[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

rlogin/rsh/rexec & PAM

I hope this is the correct forum for this question.....

RH6.2 machine, running NIS, and NFS.  rlogin works fine, but I must
enter my password to access the machine.  When I rlogin,
/var/log/messages has entries of:
pam_rhosts_auth[pid]: denied to barnett@dapd7 as barnett: access not

and then I am prompted for my password.

In /etc/hosts.equiv, I have:
+@trusted root

I've tried with and without the "+" before the netgroup, but that makes
no difference.  If I add my machine (dapd7) to the hosts.equiv file, I
can get in without entering my password, and rsh works fine.  houston is
a netgroup containing other netgroups, and some systems.  It contains
group 'dapd', which in turn has host '(dapd7,,houstondp)'.

In /etc/pam.d/rlogin, the following entries exist (should be the default
provided with pam-0.72):
auth	sufficient	/lib/security/pam_rhosts_auth.so
auth	required	/lib/security/pam_securtty.so
auth	required	/lib/security/pam_pwdb.so shadow nullok
auth	required	/lib/security/pam_nologin.so

I can add '+' in /etc/hosts.equiv, and add 'promiscuous' to the
rhosts_auth.so line, but I don't really like that idea.  I also don't
want to manually enter each machine (there are at least 100 machines

I've read through the html docs provided with the pam package, and still
can't figure out what's wrong.  As far as I can tell, the rlogin entry
matches the example in the documentation.

Can someone provide some insight on what the error message indicates
("...access not allowed"), and/or how to fix it?  How about a way to
debug it, since the 'debug' entry on rhosts_auth.so doesn't appear to
provide any extra output?  Or even a RTFM would be fine, if you'll point
me to the FM that answers my question.



Dave Barnett	Software Support Engineer	x1434

"If you're sending someone some Styrofoam, what do you pack it in?"
	- George Carlin

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []