How do I...?

Stephen Goggin sgoggin at NetEffect.com
Wed Oct 31 13:43:44 UTC 2007


While I appreciate the replies, I think I'm not explaining properly...

When my PXE clients boot, they don't get to the login prompt.
This has happened before, on a previous PXE image, and it was a PAM
problem...

I don't need passwordless login or userless login... All I really need
is for the client to boot to the point where the "controller" machine
can rlogin into it.

Each client should boot, map an smb share, and set up rlogin. From the
smb share, it runs a series of perl scripts. The "controller" is the
machine that will rlogin to the client and initiate these scripts.
There's no need for anyone to be on the console, except for possible
troubleshooting...

I don't need/want any GUI on the system at all, but I need parts of xorg
to get the scanpci executable needed by some of our perl scripts...

The problem is that the machine doesn't get that far in the boot
process. It gets to "Running /sbin/init" and stops...

I can change it to runlevel 1, and can molest it somewhat, but there's
not a lot to do since it's 95% read-only...

I get "Authentication token manipulation error" when trying to change
the root password with passwd. 

I had Googled the problem a few weeks ago, and the solution I found was
to comment out a line from the /etc/pam.d/ folder. But, like a dummy, I
didn't bookmark the link, and haven't been able to find it since. Now,
it's been over a week, and the PXE machines still aren't booting...

So I think that, rather than wasting more time trying to fight with PAM,
I just want it gone. We need *NO* security whatsoever. It's a VERY
contained network we're running this on...




Again, thanks to The Big Guy and Kris Deugau for replying!






Stephen Goggin
 
Test Engineer
NetEffect, Inc.
9211 Waterford Centre Blvd.
Austin, TX 78758
Email: sgoggin at neteffect.com
 
512.493.3232 :Desk
512.983.1939 :Mobile
512.493.3393 :Fax

-----Original Message-----
From: The Big Guy [mailto:HotShit at RingBurn.com] 
Sent: Tuesday, October 30, 2007 5:12 PM
To: Stephen Goggin
Cc: pam-list at redhat.com
Subject: RE: How do I...?

Hello,


  As a guy who's built his own distro up from source 
code, this seems pretty straight forward to me.

  If you want a password-less "single user" local
login, then try replacing the /sbin/mingetty entries in
/etc/inittab with /bin/sh   That will leave you with root
shells on each of the console ttys.  Alternatively, you
can spawn a shell on a tty directly from your init 
binary (my embedded distro doesn't have an inittab; but
your Redhat distros will).

  If you want a password-less "single user" remote
login, then you'll need to get a copy of Netcat that
supports command execution (the "-e" option) and
set yourself up a script that says something like;
  nc -l -p 23 -e /bin/sh -d

  Optionally this could be tweaked to work out of 
/etc/inetd.d/something (if you run an inetd) ... YMMV
However you deploy it, make sure it respawns or 
you'll only ever get one user on.


  For what it's worth, once you have more than one
user in your environment, you want to have security;
no matter how isolated those 2+ users are.




----- Original Message -----
>From: "Stephen Goggin" <sgoggin at NetEffect.com>
>To: "Pluggable Authentication Modules" <pam-list at redhat.com>
>Subject:  RE: How do I...?
>Date: Tue, 30 Oct 2007 21:09:23 -0500
>
> Because our software team's code has only been guaranteed on those 3 OS'
> 
> 
> 
> 
> 
> Stephen Goggin
> 
> -----Original Message-----
> From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
> On Behalf Of Gary L. Greene Jr.
> Sent: Tuesday, October 30, 2007 1:02 PM
> To: Pluggable Authentication Modules
> Subject: Re: How do I...?
> 
> On Tuesday 30 October 2007 09:28:39 am Stephen Goggin wrote:
> > No no.
> >
> > The problem is this:
> >
> > I have a PXE server set up and working. I set up a system and made a PXE
> > image of it.
> >
> > When I PXE boot a system, it hangs before the login prompt.
> >
> > I had seen this once before, and commenting a line from a file in
> > /etc/pam.d/ fixed it.
> >
> > I haven't been able to find the solution now that it has arisen again
> > (We re-made the PXE image)...
> >
> > So, I posted to some forums and this mailing list, and didn't get any
> > replies at all.
> >
> > So, now I want to set up a new system, in either RHEL4U4, FC4, or FC5,
> > with *NO* PAM anywhere on the machine at all, so that it won't get in
> > the way in the future.
> >
> > We have no security needs AT ALL. We're using rlogin with cleartext, and
> > rebooting each station approximately every 3 minutes, so security means
> > nothing to us...
> >
> >
> > I appreciate all the help you've provided thus far!
> >
> >
> >
> > Stephen Goggin
> >
> > -----Original Message-----
> > From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
> > On Behalf Of Barry Brimer
> > Sent: Tuesday, October 30, 2007 11:13 AM
> > To: Pluggable Authentication Modules
> > Subject: RE: How do I...?
> >
> > Maybe I am not fully understanding your question.  Are you trying to have a
> > system that doesn't provide a login prompt whatsoever .. but automatically
> > logs in and provides a shell .. runs a program, etc?  My solution was to not
> > require a password to a login.
> >
> > Quoting Stephen Goggin <sgoggin at NetEffect.com>:
> > > Thanks for the quick reply!
> > >
> > > However, this didn't do the trick, it still gives no login prompt...
> > >
> > > -----Original Message-----
> > > From: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com]
> > > On Behalf Of Barry Brimer
> > > Sent: Monday, October 29, 2007 5:14 PM
> > > To: Pluggable Authentication Modules
> > > Subject: RE: How do I...?
> > >
> > >
> > > 1.  Backup /etc/pam.d
> > > 2.  Have a bootable CD that you can use to regain access to your system
> > >     if this encounters any issues.
> > > 3.  Double check steps 1 and 2.
> > > 4.  Open 2 root terminals in case you accidentally close one of them
> > > 5.  Delete the contents of the /etc/pam.d directory
> > > 6.  Create a file named 'other' in /etc/pam.d
> > > 7.  Put the following in /etc/pam.d/other
> > >
> > > auth              sufficient   pam_permit.so
> > > account           sufficient   pam_permit.so
> > > password          sufficient   pam_permit.so
> > > session           sufficient   pam_permit.so
> > >
> > > 8.  Test.
> > > 9.  If this doesn't work, replace sufficient with required in all lines
> > >     above.
> > >
> > > Quoting Stephen Goggin <sgoggin at NetEffect.com>:
> > > > All of the above. I've spent a week trying to find the answer to my
> > > > diskless RHEL4 setup, and I'm sure my boss expected more results. No one
> > > > on any mailing lists or web forums were of any help whatsoever...
> > > >
> > > > So, Our PXE network is entirely contained. We don't even need the
> > > > security we have using cleartext over rlogin, which is none...
> > > >
> > > > I need a small, simple setup with scanpci and rlogin to run tests on...
> > >
> > > > -----Original Message-----
> > > > From: pam-list-bounces at redhat.com on behalf of Barry Brimer
> > > > Sent: Mon 10/29/2007 3:55 PM
> > > > To: Pluggable Authentication Modules
> > > > Subject: Re: How do I...?
> > > >
> > > > Quoting Stephen Goggin <sgoggin at NetEffect.com>:
> > > > > How would one go about setting up a RHEL4U4 or FC4 or FC5 box without
> > > > > any PAM whatsoever?
> > > >
> > > > What is your goal exactly?  Eliminating PAM, having logins that don't
> > > > require passwords, or something else entirely?
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Pam-list mailing list
> > > > Pam-list at redhat.com
> > > > https://www.redhat.com/mailman/listinfo/pam-list
> 
> Why not use a distribution that doesn't use PAM, like Slackware? Reason I ask
> is that it will likely be far easier to eliminate all use of PAM by using a
> distro that has decided not to use it at all.
> 
> -- 
> Gary L. Greene, Jr.
> Sent from: peorth.tolharadys.net
>  10:55:27 up 5 days, 14:15,  1 user,  load average: 0.10, 0.14, 0.16
> ==========================================================================
> Developer and Project Lead for the AltimatOS open source project
> Volunteer Developer for the KDE open source project
> See http://www.altimatos.com/ and http://www.kde.org/ for more information
> ==========================================================================
> 
> Please avoid sending me Word or PowerPoint attachments.
> 
> 

--
RingBurn.com
"Where there's smoke, there's fire"
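
The catch-all /etc/pam.d/other quoted earlier in this thread makes every PAM stack succeed regardless of what the user supplies. As an added example (not written by any poster in the thread), this Python check reports which PAM types a policy file leaves unconditionally open; the sample policies are constructed, and bracketed `[value=action]` controls are not interpreted (on any module other than pam_permit.so they are assumed able to fail the stack).

```python
import re

# Constructed sample: the catch-all policy quoted in the thread.
PERMIT_ALL = """\
auth              sufficient   pam_permit.so
account           sufficient   pam_permit.so
password          sufficient   pam_permit.so
session           sufficient   pam_permit.so
"""
# Constructed contrast: a real check runs before pam_permit.so is reached.
GUARDED = """\
auth      required     pam_unix.so
auth      sufficient   pam_permit.so
"""

TYPES = ("auth", "account", "password", "session")
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_rules(text):
    """Return (type, control, module basename) for each rule line of a pam.d file."""
    rules = []
    for raw in text.splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())   # drop comments
        if m and m.group(1) in TYPES:                  # skips @include and junk
            rules.append((m.group(1), m.group(2), m.group(3).rsplit("/", 1)[-1]))
    return rules

def open_types(text):
    """List the PAM types whose stack succeeds no matter what the user supplies."""
    rules, found = parse_rules(text), []
    for wanted in TYPES:
        permit_decides = False
        for ptype, control, module in rules:
            if ptype != wanted:
                continue
            if module == "pam_permit.so":
                permit_decides = True
                if control == "sufficient":
                    break            # immediate success, later rules never run
            elif control not in ("sufficient", "optional"):
                permit_decides = False
                break                # a module that can fail the stack is in the path
        if permit_decides:
            found.append(wanted)
    return found

if __name__ == "__main__":
    for name, policy in (("permit-all", PERMIT_ALL), ("guarded", GUARDED)):
        print(name, "->", open_types(policy) or "no unconditional stacks")
```

To audit a real image, pass the contents of each file under its /etc/pam.d directory to `open_types` and review any service that reports `auth` or `account`.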



