I'm pretty sure it is PAM, since that is what authorizes the login... And you are testing this on RHEL5? It works fine on RHEL3 for me. Also, your ypmatches below don't list any hosts (although I understand what you are showing).
I tried adding the "debug" option to pam_rhosts in /etc/pam.d/rsh and /etc/pam.d/rlogin, but I see NO extra output in any of my log files. Anyone know how to make it actually *show* debug output?

My pam files look like this:

::::::::::::::
rsh
::::::::::::::
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts.so debug
account    include      system-auth
session    optional     pam_keyinit.so    force revoke
session    include      system-auth
::::::::::::::
rlogin
::::::::::::::
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       sufficient   pam_rhosts.so debug
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so    force revoke
session    include      system-auth

One other difference might be that I am using RFC2307 (NIS data stored in LDAP), but again, it works fine on my RHEL3 systems using the same data.

Thanks,

Kevin

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Krizak
Sent: Thursday, August 16, 2007 9:21 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] .rhosts / hosts.equiv + netgroup subgroups broken?

Works fine for me...

[EMAIL PROTECTED] ~]$ cat /etc/hosts.equiv
[EMAIL PROTECTED]
[EMAIL PROTECTED] ~]$ ypmatch trusted_hosts netgroup
mpd.trusted_hosts
[EMAIL PROTECTED] ~]$ ypmatch mpd.trusted_hosts netgroup
mpd.andc.trusted_hosts mpd.asdc.trusted_hosts mpd.bdc.trusted_hosts mpd.mhdc.trusted_hosts mpd.svdc.trusted_hosts

And so on and so on.

You sure the problem is with hosts.equiv/.rhosts? You might be facing a PAM issue...

Paul Krizak                         5900 E. Ben White Blvd. MS 625
Advanced Micro Devices              Austin, TX 78741
Linux/Unix Systems Engineering      Phone: (512) 602-8775
Silicon Design Division             Cell: (512) 791-0686

Collins, Kevin [MindWorks] wrote:
> Hi,
>
> it would appear that using an NIS netgroup entry in the .rhosts
> or hosts.equiv files does not work as expected in RHEL5. Any hosts
> included in the top-level netgroup work, but not in the sub-groups.
>
> As an example, this allows server1, server2 and server3 to rsh in:
>
> In netgroup:
>
> linux (server1,,) (server2,,) (server3,,)
>
> In .rhosts:
>
> [EMAIL PROTECTED]
>
> while this only allows server2 to rsh in:
>
> In netgroup:
>
> linux sub1 sub2 (server2,,)
> sub1 (server1,,)
> sub2 (server3,,)
>
> This is not the behavior I have seen in the past on previous versions of
> RHEL (including RHEL3 where it is working fine at the moment)... Has anyone
> else seen this? I didn't find anything in bugzilla.
>
> Thanks,
>
> Kevin
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> rhelv5-list mailing list
> [email protected]
> https://www.redhat.com/mailman/listinfo/rhelv5-list

_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
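Added example, not part of the thread and not code from any poster: this Python script expands the two netgroup layouts from the original message with recursive subgroup resolution, and lists the hosts that drop out of the trusted set when subgroups are not followed, which is the behaviour reported for RHEL5. The function names and the inline map text are constructed for the example; it parses text only and does not query NIS or LDAP.

```python
import re

# Constructed sample maps: the two netgroup layouts quoted in the original message.
FLAT = "linux (server1,,) (server2,,) (server3,,)\n"
NESTED = "linux sub1 sub2 (server2,,)\nsub1 (server1,,)\nsub2 (server3,,)\n"

TOKEN = re.compile(r"\([^()]*\)|\S+")                         # a triple or a group name
TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")     # (host,user,domain)

def parse_netgroups(text):
    """Return {group: [member, ...]}; a member is a (host, user, domain) tuple or a group name."""
    groups = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)           # drop comments, split off the name
        if not parts:
            continue
        members = []
        for tok in TOKEN.findall(parts[1] if len(parts) > 1 else ""):
            m = TRIPLE.fullmatch(tok)
            members.append(tuple(f.strip() for f in m.groups()) if m else tok)
        groups[parts[0]] = members
    return groups

def expand_hosts(groups, name, recurse=True, _seen=None):
    """Hosts granted by netgroup `name`; recurse=False looks at top-level triples only."""
    seen = set() if _seen is None else _seen
    if name in seen:                                           # guard against netgroup loops
        return set()
    seen.add(name)
    hosts = set()
    for member in groups.get(name, []):
        if isinstance(member, tuple):
            host = member[0]
            if host != "-":                                    # "-" matches no host
                hosts.add(host or "*")                         # empty field is a wildcard
        elif recurse:
            hosts |= expand_hosts(groups, member, True, seen)
    return hosts

def lost_without_recursion(groups, name):
    """Hosts reachable only through subgroups, i.e. those affected by the reported behaviour."""
    return expand_hosts(groups, name) - expand_hosts(groups, name, recurse=False)

if __name__ == "__main__":
    g = parse_netgroups(NESTED)
    print("expected trusted hosts:", sorted(expand_hosts(g, "linux")))
    print("lost if subgroups are ignored:", sorted(lost_without_recursion(g, "linux")))
```

A `*` in the output means a triple with an empty host field, which in a hosts.equiv or .rhosts trust entry extends trust to every host and is worth reviewing on its own.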
