Have you checked /etc/security/access.conf? That's the one that always screws us up...

Paul Krizak                         5900 E. Ben White Blvd. MS 625
Advanced Micro Devices              Austin, TX  78741
Linux/Unix Systems Engineering      Phone: (512) 602-8775
Silicon Design Division             Cell:  (512) 791-0686


Collins, Kevin [MindWorks] wrote:
I'm pretty sure it is PAM, since that is what authorizes the login...
And you are testing this on RHEL5? It works fine on RHEL3 for me. Also,
your ypmatches below don't list any hosts (although I understand what
you are showing).

I tried adding the "debug" option to pam_rhosts in /etc/pam.d/rsh and
/etc/pam.d/rlogin, but I see NO extra output in any of my log files.
Anyone know how to make it actually *show* debug output?

My pam files look like this:

::::::::::::::
rsh
::::::::::::::
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       required     pam_rhosts.so   debug
account    include      system-auth
session    optional     pam_keyinit.so    force revoke
session    include      system-auth

::::::::::::::
rlogin
::::::::::::::
#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     pam_nologin.so
auth       required     pam_securetty.so
auth       required     pam_env.so
auth       sufficient   pam_rhosts.so   debug
auth       include      system-auth
account    include      system-auth
password   include      system-auth
session    optional     pam_keyinit.so    force revoke
session    include      system-auth

One other difference might be that I am using RFC2307 (NIS data stored
in LDAP), but again, it works fine on my RHEL3 systems using the same
data.

Thanks,

Kevin
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Paul Krizak
Sent: Thursday, August 16, 2007 9:21 AM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] .rhosts / hosts.equiv + netgroup subgroups broken?

Works fine for me...

[EMAIL PROTECTED] ~]$ cat /etc/hosts.equiv
[EMAIL PROTECTED]
[EMAIL PROTECTED] ~]$ ypmatch trusted_hosts netgroup
mpd.trusted_hosts
[EMAIL PROTECTED] ~]$ ypmatch mpd.trusted_hosts netgroup
mpd.andc.trusted_hosts mpd.asdc.trusted_hosts mpd.bdc.trusted_hosts mpd.mhdc.trusted_hosts mpd.svdc.trusted_hosts

And so on and so on.

You sure the problem is with hosts.equiv/.rhosts?  You might be facing a
PAM issue...



Collins, Kevin [MindWorks] wrote:
Hi,

it would appear that using an NIS netgroup entry in the .rhosts or
hosts.equiv files does not work as expected in RHEL5. Any hosts included
in the top-level netgroup work, but not those in the sub-groups.

As an example, this allows server1, server2 and server3 to rsh in:

In netgroup:

linux (server1,,) (server2,,) (server3,,)

In .rhosts:

[EMAIL PROTECTED]


while this only allows server2 to rsh in:

In netgroup:

linux sub1 sub2 (server2,,)
sub1 (server1,,)
sub2 (server3,,)

This is not the behavior I have seen in the past on previous versions of
RHEL (including RHEL3 where it is working fine at the moment)... Has anyone
else seen this? I didn't find anything in bugzilla.

Thanks,

Kevin




_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
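
Added example, not part of the thread and not any poster's code: a Python sketch that expands the nested netgroup map from Kevin's report, so the host set the `linux` netgroup should resolve to can be compared with the hosts that are actually admitted. The function names and the embedded map text are assumptions built from the example in the message above.

```python
import re

# Constructed sample: the nested netgroup map quoted in the thread,
# one "name member member ..." entry per line.
NETGROUP_MAP = """\
linux sub1 sub2 (server2,,)
sub1 (server1,,)
sub2 (server3,,)
"""

TOKEN = re.compile(r"\([^)]*\)|\S+")  # a (host,user,domain) triple or a group name
TRIPLE = re.compile(r"\(([^,]*),([^,]*),([^,]*)\)")

def parse_netgroups(text):
    """Map each netgroup name to its members: triples as tuples, subgroups as str."""
    groups = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        members = []
        for tok in TOKEN.findall(fields[1] if len(fields) > 1 else ""):
            m = TRIPLE.fullmatch(tok.replace(" ", ""))
            members.append(m.groups() if m else tok)
        groups[fields[0]] = members
    return groups

def direct_hosts(groups, name):
    """Hosts listed as triples in the group itself (no subgroup lookup).
    An empty host field is a wildcard ("*"); a "-" host field matches nothing."""
    return {m[0] or "*" for m in groups.get(name, [])
            if isinstance(m, tuple) and m[0] != "-"}

def expand_hosts(groups, name, seen=None):
    """Hosts reachable through any depth of subgroups; 'seen' stops reference loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    hosts = direct_hosts(groups, name)
    for member in groups.get(name, []):
        if isinstance(member, str):
            hosts |= expand_hosts(groups, member, seen)
    return hosts

if __name__ == "__main__":
    groups = parse_netgroups(NETGROUP_MAP)
    print("full expansion :", sorted(expand_hosts(groups, "linux")))
    print("top level only :", sorted(direct_hosts(groups, "linux")))
```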

