Bug 16170 - RFE: enable REMOTEHOST (pam_env)
Summary: RFE: enable REMOTEHOST (pam_env)
Keywords:
Status: CLOSED DUPLICATE of bug 42880
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rsh
Version: 7.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-08-14 16:32 UTC by Michael Redinger
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2001-06-16 16:01:40 UTC
Embargoed:


Attachments (Terms of Use)

Description Michael Redinger 2000-08-14 16:32:19 UTC
It would be nice to see the REMOTEHOST Variable enabled per default (ie. to
see what computer you're coming from):

- uncomment REMOTEHOST in /etc/security/pam_env.conf
add 
auth       required     /lib/security/pam_env.so
to /etc/pam.d/login, /etc/pam.d/rlogin and /etc/pam.d/rsh
just before
auth       required     /lib/security/pam_nologin.so

Comment 1 Nalin Dahyabhai 2000-08-16 22:31:38 UTC
Reclassifying to the rsh package, which owns in.rshd and in.rlogind's PAM
configuration files.

Comment 2 Phil Knirsch 2001-06-16 15:08:14 UTC
The /lib/security/pam_env.so has been since RH 7.1, only the REMOTEHOST entry in
/etc/security/pam_env.conf is still missing.

I'll discuss possisble security issues with the folks here and if it is
considered to be safe i'll include it in pam as well. If not i'll let you know
as well.

Read ya, Phil

Comment 3 Michael Redinger 2001-06-16 16:01:33 UTC
I now tried to make PAM_RUSER and PAM_RHOST actually work, but didn't get it 
right (PAM_RHOST works for rlogin but not for rsh, PAM_RUSER never seems to 
work).
Looking at the r*d code I'd say it can't work ...

Therefore I didn't use PAM to set these variables but did set it in rshd and 
rlogind directly.

See #42880 . Maybe that's the proper solution (I asked on the beta list, but 
there was no answer).


Michael

Comment 4 Phil Knirsch 2001-10-22 13:37:15 UTC
I've spent some time looking at the problem you described and it is actually the
same as described in #42880, and from what i've seen this is really the only
possible and proper solution, so i'll include the patch resp. a less buffer
overflow prone on in one of the next rsh packages.

Read ya, Phil

*** This bug has been marked as a duplicate of 42880 ***


Note You need to log in before you can comment on or make changes to this bug.