Bug 63607 - NIS netgroups in .rhosts file causes rlogin and rsh to fail
NIS netgroups in .rhosts file causes rlogin and rsh to fail
Status: CLOSED CURRENTRELEASE
Product: Red Hat Public Beta
Classification: Retired
Component: pam (Show other bugs)
skipjack-beta2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Aaron Brown
:
Depends On:
Blocks: 61901
  Show dependency treegraph
 
Reported: 2002-04-16 03:32 EDT by Joseph F. Tombrello
Modified: 2007-04-18 12:42 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2002-04-17 00:48:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Joseph F. Tombrello 2002-04-16 03:32:41 EDT
From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.9-31smp i686)

Description of problem:
If I use NIS netgroups in .rhosts file ( e.g. +@servers for netgroup servers),
rlogin to my account fails with error:
rlogin: connection closed.
Similarly, rsh fails with the error:
rcmd: hostname: short read

Both rlogin and rsh work correctly if I use hostnames in .rhosts file rather
than netgroups.
Use of netgroups in  the .rhosts file works correctly on all of our RedHat 7.1
and RedHat 7.2 systems.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Create a .rhosts file for a user account on the skipjack-beta2 system
containing only netgroups, e.g.
  +@servers
  +@clients  

2. From the  user account on a remote machine that is a member of one of the
netgroups, rlogin to the affected machine. 

	

Actual Results:  I get a connection closed. The user is not logged into the
system.

Expected Results:  User should be logged into skipjack-beta2 system.

Additional info:

Here is the contents of the systems /etc/pam.d/rlogin file:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

And the contents of the /etc/pam.d/system-auth file:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
nis
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_mkhomedir.so
Comment 1 Joseph F. Tombrello 2002-05-22 17:34:14 EDT
Upgraded test machines to RedHat 7.3 final and problem no longer exists.

Note You need to log in before you can comment on or make changes to this bug.