I had that in my configuration. I just turned on 0.0.0.0 for the only_from, which allows from anyone. The key for me was to comment out the secure_tty setting in /etc/pam.d/rsh. This allowed no-passwd rsh login.
Thanks again for all the help... -Jared On 5/17/06, Brady Catherman <[EMAIL PROTECTED]> wrote:
Gah! You did the same thing I did.. exit /etc/xinetd.conf and look for the line: only_from = localhost and add this line after it: only_from += <your ip range>/24 This always catches me off guard. I forget it and spend days trying to fix it! =) On May 17, 2006, at 5:31 PM, Jared Greenwald wrote: > I do have an entry in the /root/.rhosts file for the remote node, but > it actually seems that pam is outright rejecting the rsh connection > > I'll have to play with the pam settings I suppose. > > Thanks again for the help... > > -Jared > > On 5/17/06, Brady Catherman <[EMAIL PROTECTED]> wrote: >> I assume you mean passwordless logins. >> >> my /etc/pam.d/rlogin: >> #%PAM-1.0 >> # For root login to succeed here with pam_securetty, "rlogin" must be >> # listed in /etc/securetty. >> auth required pam_nologin.so >> auth required pam_securetty.so >> auth required pam_env.so >> auth sufficient pam_rhosts_auth.so >> auth include system-auth >> account include system-auth >> password include system-auth >> session include system-auth >> >> My /etc/pam.d/rsh >> #%PAM-1.0 >> # For root login to succeed here with pam_securetty, "rsh" must be >> # listed in /etc/securetty. >> auth required pam_nologin.so >> auth required pam_securetty.so >> auth optional pam_env.so >> >> # Uncomment this and comment the following to use rhosts_auth module >> auth required pam_rhosts_auth.so >> #auth include system-auth >> >> account include system-auth >> session include system-auth >> >> My /etc/pam.d/rexec >> #%PAM-1.0 >> # For root login to succeed here with pam_securetty, "rexec" must be >> # listed in /etc/securetty. >> auth required pam_nologin.so >> auth required pam_securetty.so >> auth optional pam_env.so >> auth required pam_rhosts_auth.so >> auth include system-auth >> account include system-auth >> session include system-auth >> >> >> then add the three protocols to /etc/securetty =) >> >> >> >> >> >> >> On May 17, 2006, at 1:54 PM, Jared Greenwald wrote: >> >> > Now the only problem is how do stop pam from blocking rsh access? >> > >> > -Jared >> > >> > On 5/17/06, Brady Catherman <[EMAIL PROTECTED]> wrote: >> >> There shouldn't be an rsh process running. xinetd starts it when a >> >> user connects. >> >> >> >> The best way to troubleshoot xinetd problems is to start xinetd in >> >> debugging mode. >> >> >> >> xinetd -d >> >> >> >> If you see that the servive started then you can do a netstat - >> ap and >> >> look for the service name in there (shell/login/exec for rsh/ >> rlogin/ >> >> rexec). Once there you should be good to go =) >> >> >> >> >> >> On May 17, 2006, at 1:35 PM, Jared Greenwald wrote: >> >> >> >> > I'm looking for some help in setting up netkit rsh. >> >> > >> >> > Please no comments about how rsh in unsecure and all that = I >> know >> >> > that, but I need rsh specifically to hook into a tool that my IT >> >> > department uses for backups. >> >> > >> >> > So, I've got netkit-rsh and xinetd installed. >> >> > >> >> > In the /etc/xinetd.d/rsh file I've changed the following from: >> >> > >> >> > disable yes >> >> > >> >> > to >> >> > >> >> > disable no >> >> > >> >> > Then I restarted xinetd. At this point there is an xinetd >> process, >> >> > but no rsh (rshd or in.rsh) process running. >> >> > >> >> > A quick look in the log shows that one xinetd service has >> started: >> >> > >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: xinetd Version 2.3.13 >> >> started >> >> > with libwrap loadavg options compiled in. >> >> > May 17 13:47:21 neserv-1 xinetd[7141]: Started working: 1 >> available >> >> > service >> >> > >> >> > So, the question is - what am I missing? >> >> > >> >> > Any and all assistance would be greatly appreciated. >> >> > >> >> > Thanks, >> >> > Jared >> >> > >> >> > -- >> >> > [email protected] mailing list >> >> > >> >> >> >> -- >> >> [email protected] mailing list >> >> >> >> >> > >> > -- >> > [email protected] mailing list >> > >> >> -- >> [email protected] mailing list >> >> > > -- > [email protected] mailing list > -- [email protected] mailing list
-- [email protected] mailing list
