Cannot rsh on woody

Eray Ozkural (exa) erayo at cs.bilkent.edu.tr
Sun Nov 26 20:47:46 CET 2000 

Hi!

"Jens Rühmkorf" wrote:
> Well, we have a woody-node up and running with rsh and NIS. So we should
> be able to figure out what your problem is :)
> 
> 0. If you have not already done so, take a closer look in /var/log/auth.log,
> then check one ore more of the following:
> 

The problem is obviously with PAM but I couldn't really solve it.

this happens when I first try
exa at borg:~$ rlogin node01

at node01

Nov 26 21:44:14 node01 pam_rhosts_auth[11259]: allowed to exa at borg as exa
Nov 26 21:44:14 node01 in.rlogind[11259]: PAM authentication failed for in.rlogind

Then at borg I get asked the pass.

Nov 26 21:45:22 node01 PAM_unix[11262]: check pass; user unknown
Nov 26 21:45:22 node01 PAM_unix[11262]: authentication failure; (uid=0) -> exa for login service
Nov 26 21:45:25 node01 login[11262]: FAILED LOGIN (1) on `pts/1' from `borg' FOR `exa', Authentication service cannot retrieve authentication info.

!!! What's going on here?

> 1. What does e.g. /etc/hosts.equiv say? Something like
> -- snip --
> + at cluster
> -- snap --

node01:~# cat /etc/hosts.equiv 
+ at faiclients


> 2. Are your netgroups properly defined? So, does /etc/netgroup somewhat look
> like this:
> 
node01:~# ypcat netgroup
(borg,,) (node01,,) (node03,,) (node04,,) (node05,,) (node06,,) (node07,,) (node08,,)(node09,,) (node10,,) (node11,,) (node12,,) (node13,,) (node15,,)(node16,,)
(node18,,) (node19,,) (node20,,) (node21,,) (node22,,)(node23,,) (node24,,) (node25,,) (node27,,) (node28,,) (node29,,) (node30,,) (node31,,) (node32,,)
(node33,,) (node34,,) (node35,,) (node36,,) (exa.homeip.net,,)
(borg,,)


> 3. What's about PAM? rsh / rlogin use a file in /etc/pam.d/ to setup their
> PAM service modules (/etc/pam.conf is seldomly used for this).  So, do you
> have a line like
> 
> auth            sufficient      pam_rhosts_auth.so
> 
> in /etc/pam.d/rlogin?
>

node01:~# cat /etc/pam.d/rlogin
#%PAM-1.0
auth		required	pam_securetty.so
auth		sufficient	pam_rhosts_auth.so
auth		required	pam_unix_auth.so shadow nullok
auth		required	pam_nologin.so
account		required	pam_unix_acct.so
password	required	pam_cracklib.so
password 	required	pam_unix_passwd.so shadow nullok use_authtok
session		required	pam_unix_session.so
node01:~# cat /etc/pam.d/rsh   
%PAM-1.0
auth	sufficient	pam_rhosts_auth.so
auth	required	pam_nologin.so
auth	required	pam_env.so
account	required	pam_unix_acct.so
session	required	pam_unix_session.so

 
> Send me more details about your configuration if this still fails. If PAM is
> your problem (what I suppose) maybe you want to take a look at the pam-doc
> (included in package libpam-doc).
>

I'll have another look at the pam docs, but I must admit that I'm a bit
puzzled by this situation. By the way, I wonder if there's anyway to remove
this pam thing altogether.
 
> Hope this helps!
> 

Thanks a lot. I'd be glad if you could have another look at the data I send now. As I said before nis seems to be in perfect shape, it's just that in.rlogind
fails :(

> Jens

-- 
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo at cs.bilkent.edu.tr
www: http://www.cs.bilkent.edu.tr/~erayo

More information about the linux-fai mailing list