Re: rlogin/rsh/rexec & PAM


I responded to your personal email separately, the following is a short
blurb for everyone else....

I was finally able to narrow down the problem.  In pam_rhosts_auth.so,
the function call 'innetgr' is used.  This function queries based on
/etc/nsswitch.conf, and looks to see if a specified host is in the
netgroup you asked for.

What I found to be the problem is that under Linux, innetgr doesn't
appear to handle nested netgroups.  In our case, we have top netgroup
'houston', which contains a mix of hosts and other netgroups, one of
which is dapd.  In turn, dapd contains a list of hosts, dapd7 (my Sun
machine) is among them.

Under Solaris 2.6, if I take the same sample code using innetgr, feeding
it houston for the group, and dapd7 for the machine, I get a positive
(1) return value, whereas under Linux, I get a negative (0) return.

As soon as I can do it, I'm going to track down whether this is a bug
under Linux (and if so, how to get it fixed), or if 'nested netgroups'
are a (non-standard?) Sun extension.

As a temporary work-around, I've simply added the hosts from which I
need access to the /etc/hosts.equiv file.

Thanks for the ideas.


Dave Barnett	Software Support Engineer	x1434
"How come you don't ever hear about gruntled employees?  And who has
 been dis-ing them anyhow?"
	- George Carlin
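
The two outcomes reported in the message above, reproduced as an added example that is not part of the original post and is not libc's innetgr code: a membership check over constructed netgroup(5)-style data that returns 1 when nested group members are expanded and 0 when they are not. The function name `host_in_netgroup`, the extra hosts and the `loop` group are assumptions for illustration, and only the host field of each triple is compared.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 8  /* bound on nesting, so a self-referencing group terminates */

/* Constructed netgroup(5)-style data reusing the names from the message. */
static const char *NETGROUP_DB =
    "houston (hou1,,) dapd (hou2,,)\n"
    "dapd (dapd6,,) (dapd7,,)\n"
    "loop loop (x,,)\n";

/* Return the member list of `group`, or NULL if it is not defined. */
static const char *find_group(const char *group) {
    size_t n = strlen(group);
    const char *p = NETGROUP_DB;
    while (p && *p) {
        if (strncmp(p, group, n) == 0 && p[n] == ' ')
            return p + n + 1;
        p = strchr(p, '\n');
        if (p) p++;
    }
    return NULL;
}

/* 1 if `host` is in `group`; nested groups are searched only if follow_nested. */
int host_in_netgroup(const char *group, const char *host, int follow_nested, int depth) {
    const char *m = find_group(group);
    if (!m || depth > MAX_DEPTH) return 0;
    while (*m && *m != '\n') {
        size_t len = strcspn(m, " \n");
        if (*m == '(') {                        /* (host,user,domain) triple */
            size_t hl = strcspn(m + 1, ",)");
            if (hl == strlen(host) && strncmp(m + 1, host, hl) == 0) return 1;
        } else if (follow_nested && len < 64) { /* member is a netgroup name */
            char name[64];
            memcpy(name, m, len);
            name[len] = '\0';
            if (host_in_netgroup(name, host, 1, depth + 1)) return 1;
        }
        m += len;
        while (*m == ' ') m++;
    }
    return 0;
}

int main(void) {
    printf("nested lookup: %d\n", host_in_netgroup("houston", "dapd7", 1, 0));
    printf("flat lookup:   %d\n", host_in_netgroup("houston", "dapd7", 0, 0));
    return 0;
}
```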

