[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rlogin/rsh/rexec & PAM



try checking the spelling of securetty
then be sure the /etc/securetty file contains the tty or pty's that will be
connecting.

Dave Barnett wrote:

> I hope this is the correct forum for this question.....
>
> RH6.2 machine, running NIS, and NFS.  rlogin works fine, but I must
> enter my password to access the machine.  When I rlogin,
> /var/log/messages has entries of:
> pam_rhosts_auth[pid]: denied to barnett@dapd7 as barnett: access not
> allowed
>
> and then I am prompted for my password.
>
> In /etc/hosts.equiv, I have:
> +@houston
> +@trusted root
>
> I've tried with and without the "+" before the netgroup, but that makes
> no difference.  If I add my machine (dapd7) to the hosts.equiv file, I
> can get in without entering my password, and rsh works fine.  houston is
> a netgroup containing other netgroups, and some systems.  It contains
> group 'dapd', which in turn has host '(dapd7,,houstondp)'.
>
> In /etc/pam.d/rlogin, the following entries exist (should be the default
> provided with pam-0.72):
> auth    sufficient      /lib/security/pam_rhosts_auth.so
> auth    required        /lib/security/pam_securtty.so
> auth    required        /lib/security/pam_pwdb.so shadow nullok
> auth    required        /lib/security/pam_nologin.so
> .
> .
> .
>
> I can add '+' in /etc/hosts.equiv, and add 'promiscuous' to the
> rhosts_auth.so line, but I don't really like that idea.  I also don't
> want to manually enter each machine (there are at least 100 machines
> here).
>
> I've read through the html docs provided with the pam package, and still
> can't figure out what's wrong.  As far as I can tell, the rlogin entry
> matches the example in the documentation.
>
> Can someone provide some insight on what the error message indicates
> ("...access not allowed"), and/or how to fix it?  How about a way to
> debug it, since the 'debug' entry on rhosts_auth.so doesn't appear to
> provide any extra output?  Or even a RTFM would be fine, if you'll point
> me to the FM that answers my question.
>
> Thanks.
>
> Cheers,
> Dave
>
> --
> Dave Barnett    Software Support Engineer       x1434
>
> "If you're sending someone some Styrofoam, what do you pack it in?"
>         - George Carlin
>
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com < /dev/null

--
Gary Richardson
garich@ptd.net
Gary_Richardson@ibi.com





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []