Cannot rsh on woody

Eray Ozkural (exa) erayo at
Sun Nov 26 20:47:46 CET 2000


"Jens Rühmkorf" wrote:
> Well, we have a woody-node up and running with rsh and NIS. So we should
> be able to figure out what your problem is :)
> 0. If you have not already done so, take a closer look in /var/log/auth.log,
> then check one ore more of the following:

The problem is obviously with PAM but I couldn't really solve it.

this happens when I first try
exa at borg:~$ rlogin node01

at node01

Nov 26 21:44:14 node01 pam_rhosts_auth[11259]: allowed to exa at borg as exa
Nov 26 21:44:14 node01 in.rlogind[11259]: PAM authentication failed for in.rlogind

Then at borg I get asked the pass.

Nov 26 21:45:22 node01 PAM_unix[11262]: check pass; user unknown
Nov 26 21:45:22 node01 PAM_unix[11262]: authentication failure; (uid=0) -> exa for login service
Nov 26 21:45:25 node01 login[11262]: FAILED LOGIN (1) on `pts/1' from `borg' FOR `exa', Authentication service cannot retrieve authentication info.

!!! What's going on here?

> 1. What does e.g. /etc/hosts.equiv say? Something like
> -- snip --
> + at cluster
> -- snap --

node01:~# cat /etc/hosts.equiv 
+ at faiclients

> 2. Are your netgroups properly defined? So, does /etc/netgroup somewhat look
> like this:
node01:~# ypcat netgroup
(borg,,) (node01,,) (node03,,) (node04,,) (node05,,) (node06,,) (node07,,) (node08,,)(node09,,) (node10,,) (node11,,) (node12,,) (node13,,) (node15,,)(node16,,)
(node18,,) (node19,,) (node20,,) (node21,,) (node22,,)(node23,,) (node24,,) (node25,,) (node27,,) (node28,,) (node29,,) (node30,,) (node31,,) (node32,,)
(node33,,) (node34,,) (node35,,) (node36,,) (,,)

> 3. What's about PAM? rsh / rlogin use a file in /etc/pam.d/ to setup their
> PAM service modules (/etc/pam.conf is seldomly used for this).  So, do you
> have a line like
> auth            sufficient
> in /etc/pam.d/rlogin?

node01:~# cat /etc/pam.d/rlogin
auth		required
auth		sufficient
auth		required shadow nullok
auth		required
account		required
password	required
password 	required shadow nullok use_authtok
session		required
node01:~# cat /etc/pam.d/rsh   
auth	sufficient
auth	required
auth	required
account	required
session	required

> Send me more details about your configuration if this still fails. If PAM is
> your problem (what I suppose) maybe you want to take a look at the pam-doc
> (included in package libpam-doc).

I'll have another look at the pam docs, but I must admit that I'm a bit
puzzled by this situation. By the way, I wonder if there's anyway to remove
this pam thing altogether.
> Hope this helps!

Thanks a lot. I'd be glad if you could have another look at the data I send now. As I said before nis seems to be in perfect shape, it's just that in.rlogind
fails :(

> Jens

Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo at

More information about the linux-fai mailing list