63607 – NIS netgroups in .rhosts file causes rlogin and rsh to fail

Bug 63607 - NIS netgroups in .rhosts file causes rlogin and rsh to fail

Summary: NIS netgroups in .rhosts file causes rlogin and rsh to fail

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Public Beta
Classification:	Retired
Component:	pam
Sub Component:
Version:	skipjack-beta2
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	61901
TreeView+	depends on / blocked

Reported:	2002-04-16 07:32 UTC by Joseph F. Tombrello
Modified:	2007-04-18 16:42 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2002-04-17 04:48:53 UTC
Embargoed:

Attachments	(Terms of Use)

Description Joseph F. Tombrello 2002-04-16 07:32:41 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.4.9-31smp i686)

Description of problem:
If I use NIS netgroups in .rhosts file ( e.g. +@servers for netgroup servers),
rlogin to my account fails with error:
rlogin: connection closed.
Similarly, rsh fails with the error:
rcmd: hostname: short read

Both rlogin and rsh work correctly if I use hostnames in .rhosts file rather
than netgroups.
Use of netgroups in  the .rhosts file works correctly on all of our RedHat 7.1
and RedHat 7.2 systems.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.Create a .rhosts file for a user account on the skipjack-beta2 system
containing only netgroups, e.g.
  +@servers
  +@clients  

2. From the  user account on a remote machine that is a member of one of the
netgroups, rlogin to the affected machine. 

	

Actual Results:  I get a connection closed. The user is not logged into the
system.

Expected Results:  User should be logged into skipjack-beta2 system.

Additional info:

Here is the contents of the systems /etc/pam.d/rlogin file:

#%PAM-1.0
# For root login to succeed here with pam_securetty, "rlogin" must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth

And the contents of the /etc/pam.d/system-auth file:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/pam_env.so
auth        sufficient    /lib/security/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/pam_krb5.so use_first_pass
auth        required      /lib/security/pam_deny.so

account     required      /lib/security/pam_unix.so

password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok shadow
nis
password    sufficient    /lib/security/pam_krb5.so use_authtok
password    required      /lib/security/pam_deny.so

session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so
session     optional      /lib/security/pam_krb5.so
session     optional      /lib/security/pam_mkhomedir.so

Comment 1 Joseph F. Tombrello 2002-05-22 21:34:14 UTC

Upgraded test machines to RedHat 7.3 final and problem no longer exists.

Note You need to log in before you can comment on or make changes to this bug.