Bug 8445

Summary: rsh from Sun/Solaris machine fails randomly
Product: [Retired] Red Hat Linux Reporter: richieb
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.1   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-01-25 00:03:17 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description richieb 2000-01-13 15:31:25 UTC 
We have a RH 6.1 in a network of Sun/Solaris machines. We use NIS+.
We have a script that executes several rsh commands on the
Linux box and randomly some of the rsh commands fail with
"Permisson Denied".

The /var/log/messages contains these lines:

Jan 12 20:55:46 etorki automount[586]: attempting to mount entry
/home/rainman
Jan 12 20:55:47 etorki pam_rhosts_auth[28238]: allowed to rainman@crepy as
rainman
Jan 12 20:55:47 etorki pam_rhosts_auth[28239]: allowed to rainman@crepy as
rainman
Jan 12 20:55:47 etorki PAM_unix[28239]: could not identify user (from
getpwnam(rainman))
Jan 12 20:55:47 etorki PAM_unix[28238]: (rsh) session opened for user
rainman by (uid=0)

The rsh for pid 28238 worked, but for pid 28239 is did not.

The /etc/pam.d/rsh file contains:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_unix_auth.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_unix_passwd.so
session    required     /lib/security/pam_unix_session.so


It was updated according to NIS+ How To.

Finally /var/log/secure for the same time contains:

[root@etorki log]# grep "Jan 12 20:55:" secure
Jan 12 20:55:45 etorki in.rshd[28238]: connect from crepy
Jan 12 20:55:45 etorki in.rshd[28239]: connect from crepy
Jan 12 20:55:48 etorki in.rshd[28256]: connect from crepy


We are using the pam package that came with RH 6.1 and I added
pam_keylogin module.

Thanks for any suggestions.

...richie
Comment 1 Jeff Johnson 2000-01-13 17:30:59 UTC 
Could you try the rsh-*0.16-4 packages from Raw Hide
	ftp://rawhide.redhat.com/pub/rawhide
Note that there are now several packages since the clients/servers have been
split ...
Comment 2 richieb 2000-01-13 17:46:59 UTC 
I suspect this is not a rsh problem, as much as a bug in PAM_unix. In all
the cases when the failure occured, two processes were doing rsh for the
same used at the same time.

After I modified out script to have a delay of 5 seconds between the
rsh commands the problem stopped.
Comment 3 richieb 2000-01-13 18:59:59 UTC 
I've managed to reproduce the problem with a small script:

------cut here
#!/usr/local/bin/bash

host=chippewa

for x in {1, 2, 3, 4, 5, 6, 7, 8}
do
	rsh $host uname -a &
	sleep 2
done
---cut here

When "sleep" is present it works fine. But when sleep is commented out
I get this:

 ./rsh_test
[richieb on cree] scratch > Permission denied.
Protocol error, chippewa closed connection
Permission denied.
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Comment 4 Jeff Johnson 2000-01-14 00:07:59 UTC 
I can't reproduce the problem with your script against rsh*0.16. However,
my /etc/pam.d/rsh file is different than yours:

#%PAM-1.0
auth       required     /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Could you see if the problem persists with that configuration as a sanity check?
Comment 5 richieb 2000-01-14 15:45:59 UTC 
The problem is that I cannot use pam_pwdb.so module, because the machine
is part of an NIS+ network and no user IDs exist in the passwd file.

I'll have to try on a different machine.

BTW, I was able to reproduce the problem on a SMP and on a single
processor machine. So the problem is not related to SPM.
Comment 6 richieb 2000-01-20 14:44:59 UTC 
I tried to run my test script on a plain RH 6.1 machine (single processor,
no NIS+) and it worked fine. I believe this problem is due to a bug in glibc
routine that looks up NIS+ passwords/users.
Comment 7 Cristian Gafton 2000-05-22 15:36:59 UTC 
assigned to nalin
Comment 8 Nalin Dahyabhai 2000-06-10 21:35:07 UTC 
It certainly looks like a glibc problem if the failure is occurring in
getpwnam().  Does this still occur on a 6.2 workstation?
Comment 9 Stephen John Smoogen 2003-01-25 00:03:17 UTC 
Bug 8445 has been closed because lack of input for 2 years from original bug
reporter and the problem was not duplicatable within the Red Hat environment.