[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rlogin/rsh/rexec & PAM

kenneth topp wrote:
> Dave,

> it should work.  try (on the machine you are trying to get to):
Good.  I really don't want to have to manually add all these hosts.....

>  ypcat -k netgroup.byhost
Piping to grep for 'dapd7' (my machine), I get the following:
dapd7.houstondp dapd,houston,production

> if you don't see the map, then it's a nis error, if you see the hostname
> of your client (suffixed with ".*"), make sure it matches the FQDN of the
> reverse dns lookup ('who -ml' will help you get this).
If I rlogin to the linux box (barnett-pc), and run who -ml, I get:
barnett-pc!barnett  pts/7    Apr  6 10:12 (dapd7)

>  If it's not, then
> there is your problem.  If you see it, you should see the list of
> netgroups it's a member of, is the one you added to /etc/hosts.equiv
> there.. etc. etc.
It is.  /etc/hosts.equiv looks like:
+@trusted root

If I remove dapd7 from /etc/hosts.equiv, I cannot get in without my
password.  The netgroup lookup is failing to answer 'true'.

Removing 'dapd7', and adding in '+@dapd' or '+@production' also makes no

So, the only way I can get in without my password via rlogin is to add
'dapd7' to /etc/hosts.equiv.

The netgroup nis map looks like this:
<many other netgroups>
dapd \
	( dapd6,,houstondp)\
        ( dapd7,,houstondp)\
        ( dapd8,,houstondp)\
        ( barnett-pc,,houstondp)\
<blank line>
<many other netgroups>

> yp makes a reverse map for this, but there are a lot of reasons why you
> could have trouble. from the nis map not available on the server, to
> illegal formating in the map.  The debug techniques should help you get
> closer to get it working correctly.
Any other places to look?  Which library is innetgr in, do you know?  Is
there a debug version of that library?

> Rest assured, this works under linux.  Let us know.
> Kenneth

Dave Barnett	Software Support Engineer	x1434

"Sometimes you just need the clear epiphany of an a%%-kicking."
	- Nathan Regener

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []