1 |
I do have an entry in the /root/.rhosts file for the remote node, but |
2 |
it actually seems that pam is outright rejecting the rsh connection |
3 |
|
4 |
I'll have to play with the pam settings I suppose. |
5 |
|
6 |
Thanks again for the help... |
7 |
|
8 |
-Jared |
9 |
|
10 |
On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
11 |
> I assume you mean passwordless logins. |
12 |
> |
13 |
> my /etc/pam.d/rlogin: |
14 |
> #%PAM-1.0 |
15 |
> # For root login to succeed here with pam_securetty, "rlogin" must be |
16 |
> # listed in /etc/securetty. |
17 |
> auth required pam_nologin.so |
18 |
> auth required pam_securetty.so |
19 |
> auth required pam_env.so |
20 |
> auth sufficient pam_rhosts_auth.so |
21 |
> auth include system-auth |
22 |
> account include system-auth |
23 |
> password include system-auth |
24 |
> session include system-auth |
25 |
> |
26 |
> My /etc/pam.d/rsh |
27 |
> #%PAM-1.0 |
28 |
> # For root login to succeed here with pam_securetty, "rsh" must be |
29 |
> # listed in /etc/securetty. |
30 |
> auth required pam_nologin.so |
31 |
> auth required pam_securetty.so |
32 |
> auth optional pam_env.so |
33 |
> |
34 |
> # Uncomment this and comment the following to use rhosts_auth module |
35 |
> auth required pam_rhosts_auth.so |
36 |
> #auth include system-auth |
37 |
> |
38 |
> account include system-auth |
39 |
> session include system-auth |
40 |
> |
41 |
> My /etc/pam.d/rexec |
42 |
> #%PAM-1.0 |
43 |
> # For root login to succeed here with pam_securetty, "rexec" must be |
44 |
> # listed in /etc/securetty. |
45 |
> auth required pam_nologin.so |
46 |
> auth required pam_securetty.so |
47 |
> auth optional pam_env.so |
48 |
> auth required pam_rhosts_auth.so |
49 |
> auth include system-auth |
50 |
> account include system-auth |
51 |
> session include system-auth |
52 |
> |
53 |
> |
54 |
> then add the three protocols to /etc/securetty =) |
55 |
> |
56 |
> |
57 |
> |
58 |
> |
59 |
> |
60 |
> |
61 |
> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote: |
62 |
> |
63 |
> > Now the only problem is how do stop pam from blocking rsh access? |
64 |
> > |
65 |
> > -Jared |
66 |
> > |
67 |
> > On 5/17/06, Brady Catherman <bradyc@××××××.edu> wrote: |
68 |
> >> There shouldn't be an rsh process running. xinetd starts it when a |
69 |
> >> user connects. |
70 |
> >> |
71 |
> >> The best way to troubleshoot xinetd problems is to start xinetd in |
72 |
> >> debugging mode. |
73 |
> >> |
74 |
> >> xinetd -d |
75 |
> >> |
76 |
> >> If you see that the servive started then you can do a netstat -ap and |
77 |
> >> look for the service name in there (shell/login/exec for rsh/rlogin/ |
78 |
> >> rexec). Once there you should be good to go =) |
79 |
> >> |
80 |
> >> |
81 |
> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote: |
82 |
> >> |
83 |
> >> > I'm looking for some help in setting up netkit rsh. |
84 |
> >> > |
85 |
> >> > Please no comments about how rsh in unsecure and all that = I know |
86 |
> >> > that, but I need rsh specifically to hook into a tool that my IT |
87 |
> >> > department uses for backups. |
88 |
> >> > |
89 |
> >> > So, I've got netkit-rsh and xinetd installed. |
90 |
> >> > |
91 |
> >> > In the /etc/xinetd.d/rsh file I've changed the following from: |
92 |
> >> > |
93 |
> >> > disable yes |
94 |
> >> > |
95 |
> >> > to |
96 |
> >> > |
97 |
> >> > disable no |
98 |
> >> > |
99 |
> >> > Then I restarted xinetd. At this point there is an xinetd process, |
100 |
> >> > but no rsh (rshd or in.rsh) process running. |
101 |
> >> > |
102 |
> >> > A quick look in the log shows that one xinetd service has started: |
103 |
> >> > |
104 |
> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13 |
105 |
> >> started |
106 |
> >> > with libwrap loadavg options compiled in. |
107 |
> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 available |
108 |
> >> > service |
109 |
> >> > |
110 |
> >> > So, the question is - what am I missing? |
111 |
> >> > |
112 |
> >> > Any and all assistance would be greatly appreciated. |
113 |
> >> > |
114 |
> >> > Thanks, |
115 |
> >> > Jared |
116 |
> >> > |
117 |
> >> > -- |
118 |
> >> > gentoo-cluster@g.o mailing list |
119 |
> >> > |
120 |
> >> |
121 |
> >> -- |
122 |
> >> gentoo-cluster@g.o mailing list |
123 |
> >> |
124 |
> >> |
125 |
> > |
126 |
> > -- |
127 |
> > gentoo-cluster@g.o mailing list |
128 |
> > |
129 |
> |
130 |
> -- |
131 |
> gentoo-cluster@g.o mailing list |
132 |
> |
133 |
> |
134 |
|
135 |
-- |
136 |
gentoo-cluster@g.o mailing list |