
Re: rlogin/rsh/rexec & PAM



Dave, 

It should work.  Try (on the machine you are trying to get to):

 ypcat -k netgroup.byhost

If you don't see the map, then it's a NIS error.  If you see the hostname
of your client (suffixed with ".*"), make sure it matches the FQDN of the
reverse DNS lookup ('who -ml' will help you get this).  If it's not, then
there is your problem.  If you see it, you should see the list of
netgroups it's a member of; is the one you added to /etc/hosts.equiv
there?  Etc. etc.

yp makes a reverse map for this, but there are a lot of reasons why you
could have trouble, from the NIS map not being available on the server to
illegal formatting in the map.  The debug techniques should help you get
closer to getting it working correctly.

Rest assured, this works under linux.  Let us know.

Kenneth

On Thu, 6 Apr 2000, Dave Barnett wrote:

> Gary:
> 
> I responded to your personal email separately, the following is a short
> blurb for everyone else....
> 
> 
> I was finally able to narrow down the problem.  In pam_rhosts_auth.so,
> the function call 'innetgr' is used.  This function queries based on
> /etc/nsswitch.conf, and looks to see if a specified host is in the
> netgroup you asked for.
> 
> What I found to be the problem is that under Linux, innetgr doesn't
> appear to handle nested netgroups.  In our case, we have top netgroup
> 'houston', which contains a mix of hosts and other netgroups, one of
> which is dapd.  In turn, dapd contains a list of hosts, dapd7 (my sun
> machine) is among them.
> 
> Under solaris 2.6, if I take the same sample code using innetgr, feeding
> it houston for the group, and dapd7 for the machine, I get a positive
> (1) return value, whereas under Linux, I get a negative (0) return
> value.
> 
> As soon as I can do it, I'm going to track down whether this is a bug
> under Linux (and if so, how to get it fixed), or if 'nested netgroups'
> are a (non-standard?) sun extension.
> 
> As a temporary work-around, I've simply added the hosts from which I
> need access to the /etc/hosts.equiv file.
> 
> Thanks for the ideas.
> 
> Cheers,
> Dave
> 
> 
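
Added example, not part of either message above: a small offline resolver for netgroup(5)-format text that shows which hosts a `+@netgroup` entry in /etc/hosts.equiv ends up trusting when nested netgroups are followed, and what a flat lookup returns instead (the result Dave reports seeing). The map contents are constructed; only the names houston, dapd and dapd7 come from the thread, and the function names are this example's own.

```python
import re

# Constructed sample in netgroup(5) format: "name member member ...", where a
# member is a (host,user,domain) triple or the name of another netgroup.
SAMPLE_MAP = """\
houston  (hou1,-,) dapd (hou2,-,)
dapd     (dapd6,-,) (dapd7,-,)
loop_a   loop_b (a1,-,)     # deliberately circular pair
loop_b   loop_a
"""

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def parse_netgroups(text):
    """Return {group: (set_of_host_fields, list_of_subgroup_names)}."""
    groups = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ""
        hosts = {m.group(1).strip() for m in TRIPLE.finditer(rest)}
        subgroups = TRIPLE.sub(" ", rest).split()   # what is left are group names
        groups[parts[0]] = (hosts, subgroups)
    return groups

def host_in_netgroup(groups, group, host, nested=True):
    """True if host is in group; nested=False ignores member netgroups."""
    seen, stack = set(), [group]
    while stack:
        current = stack.pop()
        if current in seen or current not in groups:
            continue            # circular or dangling reference: skip it
        seen.add(current)
        hosts, subgroups = groups[current]
        if host in hosts or "" in hosts:   # empty host field matches any host
            return True
        if nested:
            stack.extend(subgroups)
    return False

if __name__ == "__main__":
    g = parse_netgroups(SAMPLE_MAP)
    for nested in (True, False):
        print("nested=%s houston/dapd7 ->" % nested,
              host_in_netgroup(g, "houston", "dapd7", nested))
```

Running it against the real map text (for example the output of `ypcat -k netgroup`) before adding a netgroup to /etc/hosts.equiv shows the full set of hosts that entry would trust, including any triple with an empty host field.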


