Date: Wed, 21 Jan 2009 12:52:00 +0100
From: Honest Guvnor <[email protected]>
Subject: Fwd: rsh and firewall
On Wed, Jan 21, 2009 at 11:06 AM, Faye Gibbins
<[email protected]> wrote:
> Yes, rsh is a pain to set up. Please, please, please think about either:
>
> ssh

We are having some problems with ssh also. What we need is to have the
compute nodes passwordless to the host and each other. Unfortunately,
when we use ssh to connect from outside to the host and then onto a
node (there is no access to the nodes except via the host) the keys
set up for host+nodes do not work. Setting up sets of keys for all the
machines that might be used to access the host does not seem right. Is
there an rsh-type solution of just entries/keys for the host+nodes?

> or kerberosized rsh.

This is probably easier to accomplish by modifying the PAM system-auth
settings. Editing PAM will change password behaviour for rsh, ssh,
console, etc. all at the same time.

On your compute nodes, in the file /etc/pam.d/system-auth change the line:

    account required pam_unix.so

to:

    account required pam_unix.so broken_shadow

This will accept a user login when they do not have a shadow entry (i.e.
no password, not even an empty one).

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-pam-sample-simple.html
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_unix.html

You will still need a way for the compute nodes to be aware of usernames
& uids (i.e. /etc/passwd info).

This fix is from perceus, software to provision operating systems to
compute nodes:
https://perceus.org/svn/perceus/1.3/scripts/share/scientific-linux-4.5-genchroot.sh
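
Added example, not part of the original thread and not Perceus code: a small Python check that reports, for the text of a PAM stack file such as /etc/pam.d/system-auth, whether each active account line using pam_unix.so carries broken_shadow, so the relaxation described above can be confirmed only on the nodes where it is intended. The sample stack and the function names are constructed for illustration.

```python
import re

# Constructed sample stack, not copied from any real system.
SAMPLE = """\
#%PAM-1.0
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
account     required      pam_unix.so broken_shadow
account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
# account   required      pam_unix.so
-account    [success=1 default=ignore] \\
            /lib/security/pam_unix.so
password    sufficient    pam_unix.so md5 shadow
"""

# type, control (keyword or [value=action ...]), module path, arguments
LINE = re.compile(r"""^(?P<type>-?\w+)\s+
                      (?P<control>\[[^\]]*\]|\S+)\s+
                      (?P<module>\S+)
                      (?P<args>.*)$""", re.VERBOSE)

def logical_lines(text):
    """Join backslash-continued lines, drop '#' comments and blank lines."""
    joined = text.replace("\\\n", " ")
    for raw in joined.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit_pam_unix_account(text):
    """Return (control, has_broken_shadow) per active account pam_unix line."""
    findings = []
    for line in logical_lines(text):
        m = LINE.match(line)
        if not m:
            continue
        if m["type"].lstrip("-") != "account":   # leading '-' marks an optional module
            continue
        if m["module"].rsplit("/", 1)[-1] != "pam_unix.so":
            continue
        findings.append((m["control"], "broken_shadow" in m["args"].split()))
    return findings

if __name__ == "__main__":
    for control, relaxed in audit_pam_unix_account(SAMPLE):
        state = "broken_shadow set" if relaxed else "default shadow checks"
        print(f"account {control} pam_unix.so: {state}")
```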