Bug 63607

Summary: NIS netgroups in .rhosts file causes rlogin and rsh to fail
Product: [Retired] Red Hat Public Beta Reporter: Joseph F. Tombrello <joseph_f_tombrello-nr>
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED CURRENTRELEASE QA Contact: Aaron Brown <abrown>
Severity: medium Docs Contact:
Priority: medium    
Version: skipjack-beta2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2002-04-17 04:48:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 61901    

Description Joseph F. Tombrello 2002-04-16 07:32:41 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.9-31smp i686)

Description of problem:
If I use NIS netgroups in .rhosts file ( e.g. +@servers for netgroup servers),
rlogin to my account fails with error:
rlogin: connection closed.
Similarly, rsh fails with the error:
rcmd: hostname: short read

Both rlogin and rsh work correctly if I use hostnames in .rhosts file rather
than netgroups.
Use of netgroups in  the .rhosts file works correctly on all of our RedHat 7.1
and RedHat 7.2 systems.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Create a .rhosts file for a user account on the skipjack-beta2 system
containing only netgroups, e.g.
  +@servers
  +@clients  

2. From the  user account on a remote machine that is a member of one of the
netgroups, rlogin to the affected machine. 

	

Actual Results:  I get a connection closed. The user is not logged into the
system.

Expected Results:  User should be logged into skipjack-beta2 system.

Additional info:

Here is the contents of the systems /etc/pam.d/rlogin file:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

And the contents of the /etc/pam.d/system-auth file:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
nis
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_mkhomedir.so

Comment 1 Joseph F. Tombrello 2002-05-22 21:34:14 UTC
Upgraded test machines to RedHat 7.3 final and problem no longer exists.