First Last Prev Next    This bug is not in your last search results.
Bug 63607 - NIS netgroups in .rhosts file causes rlogin and rsh to fail
NIS netgroups in .rhosts file causes rlogin and rsh to fail
Status: CLOSED CURRENTRELEASE
Product: Red Hat Public Beta
Classification: Retired
Component: pam (Show other bugs)
skipjack-beta2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
Depends On:
Blocks: 61901
  Show dependency treegraph
 
Reported: 2002-04-16 03:32 EDT by Joseph F. Tombrello
Modified: 2007-04-18 12:42 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-04-17 00:48:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Joseph F. Tombrello 2002-04-16 03:32:41 EDT 
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.9-31smp i686)

Description of problem:
If I use NIS netgroups in .rhosts file ( e.g. +@servers for netgroup servers),
rlogin to my account fails with error:
rlogin: connection closed.
Similarly, rsh fails with the error:
rcmd: hostname: short read

Both rlogin and rsh work correctly if I use hostnames in .rhosts file rather
than netgroups.
Use of netgroups in  the .rhosts file works correctly on all of our RedHat 7.1
and RedHat 7.2 systems.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Create a .rhosts file for a user account on the skipjack-beta2 system
containing only netgroups, e.g.
  +@servers
  +@clients  

2. From the  user account on a remote machine that is a member of one of the
netgroups, rlogin to the affected machine. 

	

Actual Results:  I get a connection closed. The user is not logged into the
system.

Expected Results:  User should be logged into skipjack-beta2 system.

Additional info:

Here is the contents of the systems /etc/pam.d/rlogin file:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

And the contents of the /etc/pam.d/system-auth file:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
nis
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_mkhomedir.so
Comment 1 Joseph F. Tombrello 2002-05-22 17:34:14 EDT 
Upgraded test machines to RedHat 7.3 final and problem no longer exists.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.