[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rlogin/rsh/rexec & PAM

Gary Richardson wrote:
> try checking the spelling of securetty
> then be sure the /etc/securetty file contains the tty or pty's that will be
> connecting.
securetty is spelled properly in the file, sorry.  I had to type it into
email myself, because email is not set up on the linux box.

I've added pty1, pty2, ... pty12 to the list in securetty, but that made
no difference.  My understanding (albeit very limited) is that securetty
only has an effect on 'root' logins, not normal users....

I tried commenting out the securetty line.  Still no change.

In /var/log/messages, it is pam_rhosts_auth that seems to be the
problem.  It appears that the /etc/hosts.equiv file is not being parsed
properly (or perhaps is misconfigured?).  If I specifically add 'dapd7'
to the list, then I can rlogin from dapd7 without a password.  If,
however, I have the following /etc/hosts.equiv file:
@trusted root

I cannot get in without entering a password.  I've also tried with
/etc/hosts.equiv as:
+@trusted root

I can put the linux box in 'promiscuous' mode for pam_rhosts_auth.so,
and add + to hosts.equiv, but I don't want to do that.  The other option
is to add every single machine that needs access, but that's not
convenient, and shouldn't be necessary.

Is there a way to put pam_rhosts_auth into a more verbose mode?  Adding
option 'debug' doesn't increase the level of output in syslog.

Any other ideas?



Dave Barnett	Software Support Engineer	x1434

A day without sunshine is like night.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []