Description of Problem: If a client machine is upgraded to RH 7.2 and uses NIS for password authentication and a user has a password greater than 8 characters in length, then the login will fail. If the password is <= 8 characters or the user is logging in using a standalone account irregardless of password length, then the user will be able to log in normally. The NIS server is running under Solaris x86 7 (SunOS 5.7) using the ypserv shipped w/ Solaris. We are using plain-vanilla NIS (not NISPLUS). Version-Release number of selected component (if applicable): How Reproducible: Every time Steps to Reproduce: 1.Create an account 'bogus' on the NIS server machine. Give it a password of 'abcdefghi' (without quotes) 2. yppush the relevant mapping fields 3. Attempt to log in as bogus using 'abcdefghi' as the password either via the console, gdm, or telnet Actual Results: The login will fail. Red Hat Linux release 7.2 (Enigma) Kernel 2.4.9-7 on an i586 login: bogus Password: Login incorrect Expected Results: User should have been able to log in normally and received a prompt/desktop/etc. Additional Information: Please note that this was only experienced using an NIS server running SunOS x86 5.7. We do not know if this is repeatable using other OS/platforms out there.
I believe I'm seeing this failure too. I've been unable to login since upgrading from 7.1 to 7.2. 2001-1203-1435 Here's /var/log/messages output for the problem again Dec 3 14:34:35 box pam_rhosts_auth[4825]: denied to kirke@kentuckyderby as kirke: access not allowed Dec 3 14:34:43 box rlogin(pam_unix)[4825]: authentication failure; logname= uid=0 euid=0 tty=rlogin ruser=kirke rhost=kentuckyderby user=kirke Dec 3 14:34:45 box in.rlogind[4825]: PAM authentication failed for in.rlogind A single line appears at the start in /var/log/security Dec 3 14:39:13 box xinetd[1061]: START: login pid=4869 from=192.18.120.235 [root@box log]# ypcat -k passwd | grep kirke kirke kirke:xHx93eU2eA.4Y:9469:10:Kirk Erickson:/u/kirke:/bin/tcsh Another clue: we can rlogin from tor, but ftp from tor fails the same way. Apparently, since tor appears in box:~/.rhosts, we get in ok. Remember, we can't login as kirke on the console (on box) either. Dec 3 14:59:42 box ftp(pam_unix)[4981]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=dsl-192-86.eng.sun.com user=kirke Dec 3 14:59:45 box ftpd: dsl-192-86.eng.sun.com: connected: IDLE So I'm unable to rlogin from a nearby Solaris box named kentuckyderby (running 2.8) or on the console (the machine called box where 7.2 was just installed). Appreciate any new information on this be sent to kirk.erickson (my email address changed from kirke).
Download the pam fix from redhat's web site.. that fixed my NIS login problem.
Created attachment 39527 [details] pam-debug.log (for first failure message == rhosts auth)
The latest download for pam I found is version .74-22 via: http://www.redhat.com/apps/download/results.html?search%3Aquery_cb=pam&search%3Asource=rpm&search%3Afields=name&search%3Afields=summary&search%3Afields=description&search%3Aoptions=match_partial&search%3Afield%3Aarch=i386%2Ci586%2Ci686%2Cnoarch 2. pam 0.74 - 22 i386 | 2062k | Apr 7 2001 | Red Hat, Inc. [ download | details ] A security tool which provides authentication for application But 7.2 came stock with version .75: [kirke@box kirke]$ rpm -q pam pam-0.75-14 [kirke@box kirke]$ I assume this would be going backwards... kirk
Ok. Sorry. I found the following on the ftp site: pam-0.75-19.i386.rpm pam-devel-0.75-19.i386.rpm usermode-1.46-1.i386.rpm and installing these resolved the problem.
This looks like a pam bug that has been fixed. I'm closing this bug.