It would be nice to see the REMOTEHOST Variable enabled per default (ie. to see what computer you're coming from): - uncomment REMOTEHOST in /etc/security/pam_env.conf add auth required /lib/security/pam_env.so to /etc/pam.d/login, /etc/pam.d/rlogin and /etc/pam.d/rsh just before auth required /lib/security/pam_nologin.so
Reclassifying to the rsh package, which owns in.rshd and in.rlogind's PAM configuration files.
The /lib/security/pam_env.so has been since RH 7.1, only the REMOTEHOST entry in /etc/security/pam_env.conf is still missing. I'll discuss possisble security issues with the folks here and if it is considered to be safe i'll include it in pam as well. If not i'll let you know as well. Read ya, Phil
I now tried to make PAM_RUSER and PAM_RHOST actually work, but didn't get it right (PAM_RHOST works for rlogin but not for rsh, PAM_RUSER never seems to work). Looking at the r*d code I'd say it can't work ... Therefore I didn't use PAM to set these variables but did set it in rshd and rlogind directly. See #42880 . Maybe that's the proper solution (I asked on the beta list, but there was no answer). Michael
I've spent some time looking at the problem you described and it is actually the same as described in #42880, and from what i've seen this is really the only possible and proper solution, so i'll include the patch resp. a less buffer overflow prone on in one of the next rsh packages. Read ya, Phil *** This bug has been marked as a duplicate of 42880 ***