Bug 8445 - rsh from Sun/Solaris machine fails randomly
Summary: rsh from Sun/Solaris machine fails randomly
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 6.1
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-01-13 15:31 UTC by richieb
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2003-01-25 00:03:17 UTC
Embargoed:


Attachments (Terms of Use)

Description richieb 2000-01-13 15:31:25 UTC
We have a RH 6.1 in a network of Sun/Solaris machines. We use NIS+.
We have a script that executes several rsh commands on the
Linux box and randomly some of the rsh commands fail with
"Permisson Denied".

The /var/log/messages contains these lines:

Jan 12 20:55:46 etorki automount[586]: attempting to mount entry
/home/rainman
Jan 12 20:55:47 etorki pam_rhosts_auth[28238]: allowed to rainman@crepy as
rainman
Jan 12 20:55:47 etorki pam_rhosts_auth[28239]: allowed to rainman@crepy as
rainman
Jan 12 20:55:47 etorki PAM_unix[28239]: could not identify user (from
getpwnam(rainman))
Jan 12 20:55:47 etorki PAM_unix[28238]: (rsh) session opened for user
rainman by (uid=0)

The rsh for pid 28238 worked, but for pid 28239 is did not.

The /etc/pam.d/rsh file contains:

#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       sufficient   /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_unix_auth.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_unix_acct.so
password   required     /lib/security/pam_unix_passwd.so
session    required     /lib/security/pam_unix_session.so


It was updated according to NIS+ How To.

Finally /var/log/secure for the same time contains:

[root@etorki log]# grep "Jan 12 20:55:" secure
Jan 12 20:55:45 etorki in.rshd[28238]: connect from crepy
Jan 12 20:55:45 etorki in.rshd[28239]: connect from crepy
Jan 12 20:55:48 etorki in.rshd[28256]: connect from crepy


We are using the pam package that came with RH 6.1 and I added
pam_keylogin module.

Thanks for any suggestions.

...richie

Comment 1 Jeff Johnson 2000-01-13 17:30:59 UTC
Could you try the rsh-*0.16-4 packages from Raw Hide
	ftp://rawhide.redhat.com/pub/rawhide
Note that there are now several packages since the clients/servers have been
split ...

Comment 2 richieb 2000-01-13 17:46:59 UTC
I suspect this is not a rsh problem, as much as a bug in PAM_unix. In all
the cases when the failure occured, two processes were doing rsh for the
same used at the same time.

After I modified out script to have a delay of 5 seconds between the
rsh commands the problem stopped.

Comment 3 richieb 2000-01-13 18:59:59 UTC
I've managed to reproduce the problem with a small script:

------cut here
#!/usr/local/bin/bash

host=chippewa

for x in {1, 2, 3, 4, 5, 6, 7, 8}
do
	rsh $host uname -a &
	sleep 2
done
---cut here

When "sleep" is present it works fine. But when sleep is commented out
I get this:

 ./rsh_test
[richieb on cree] scratch > Permission denied.
Protocol error, chippewa closed connection
Permission denied.
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown
Linux chippewa 2.2.12-20smp #1 SMP Mon Sep 27 10:34:45 EDT 1999 i686 unknown

Comment 4 Jeff Johnson 2000-01-14 00:07:59 UTC
I can't reproduce the problem with your script against rsh*0.16. However,
my /etc/pam.d/rsh file is different than yours:

#%PAM-1.0
auth       required     /lib/security/pam_rhosts_auth.so
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Could you see if the problem persists with that configuration as a sanity check?

Comment 5 richieb 2000-01-14 15:45:59 UTC
The problem is that I cannot use pam_pwdb.so module, because the machine
is part of an NIS+ network and no user IDs exist in the passwd file.

I'll have to try on a different machine.

BTW, I was able to reproduce the problem on a SMP and on a single
processor machine. So the problem is not related to SPM.

Comment 6 richieb 2000-01-20 14:44:59 UTC
I tried to run my test script on a plain RH 6.1 machine (single processor,
no NIS+) and it worked fine. I believe this problem is due to a bug in glibc
routine that looks up NIS+ passwords/users.

Comment 7 Cristian Gafton 2000-05-22 15:36:59 UTC
assigned to nalin

Comment 8 Nalin Dahyabhai 2000-06-10 21:35:07 UTC
It certainly looks like a glibc problem if the failure is occurring in
getpwnam().  Does this still occur on a 6.2 workstation?

Comment 9 Stephen John Smoogen 2003-01-25 00:03:17 UTC
Bug 8445 has been closed because lack of input for 2 years from original bug
reporter and the problem was not duplicatable within the Red Hat environment. 


Note You need to log in before you can comment on or make changes to this bug.