Re: PAM experience (and more)
amos@gezernet.co.il (Amos Shapira) writes:
>
> Hi,
>
> I'm back on the list....:)
>
> Does anyone here have personal experience using PAM? I think I can
> use some advice about setting this up. I've read the docs but I
> expect someone with experience can help with the learning curve.
>
> Thanks,

Well, I'm running RH 4.1 + all security fixes and I played with PAM
recently. Namely, I disabled ~/.rhosts support for rsh/rlogin by
specifying the 'no_rhosts' option in /etc/pam.conf:

    rlogin auth sufficient /lib/security/pam_rhosts_auth.so no_rhosts
    rsh auth required /lib/security/pam_rhosts_auth.so no_rhosts debug

Also, I tried to figure out the reason for the following [buggy?] rsh
behaviour:

If I have some host in my /etc/hosts.allow BUT NOT in
/etc/hosts.equiv, then I can rsh to it by supplying a password:

    $ rsh remote
    Password:

However, if I do 'rsh remote SOME_COMMAND', it says 'Permission denied':

    $ rsh remote date
    Permission denied.

BTW, ssh doesn't have such a bug.

I tried to enable more PAM modules for rsh (pam_unix_auth and
pam_unix_passwd) and at some moment I did manage to make rsh prompt
me for a password. But it was completely screwed up:

    $ rsh remote date
    assword: MY_PASSWORD <----- VISIBLE!!!
    ^
    |--------------------- note the absence of 'P'

... which obviously has to do with the stream redirections rsh does.

Does anybody have the slightest idea of how to fix this, or at least
who to report it to?

--
-Alexander
==============================================================================
Alexander L. Belikoff belikoff@bfr.co.il
Berger Financial Research Ltd.
=============================================================================
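
Added example, not part of the original post: a small Python check that parses pam.conf-format entries and reports rsh/rlogin auth lines that load pam_rhosts_auth.so without the 'no_rhosts' option used in the message above. Both sample configurations are constructed, the function names are hypothetical, and bracketed control values from later PAM versions are assumed absent.

```python
"""Report rsh/rlogin PAM entries that still honour ~/.rhosts (added example)."""

R_SERVICES = {"rsh", "rlogin"}

def parse_pam_conf(text):
    """Yield (service, type, control, module_path, args) for each entry.

    Assumes the classic five-column pam.conf layout; handles '#' comments
    and backslash line continuations, skips malformed lines.
    """
    logical = text.replace("\\\n", " ")  # join continued lines
    for raw in logical.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 4:
            continue
        service, mtype, control, module = fields[:4]
        yield service.lower(), mtype.lower(), control, module, fields[4:]

def rhosts_findings(text):
    """Return (service, control, module) for entries missing no_rhosts."""
    findings = []
    for service, mtype, control, module, args in parse_pam_conf(text):
        if service not in R_SERVICES or mtype != "auth":
            continue
        if module.rsplit("/", 1)[-1] != "pam_rhosts_auth.so":
            continue
        if "no_rhosts" not in args:
            findings.append((service, control, module))
    return findings

# Constructed sample: the module is loaded without no_rhosts.
WEAK = r"""# constructed sample, not from a real host
rlogin auth sufficient /lib/security/pam_rhosts_auth.so
rsh    auth required   /lib/security/pam_rhosts_auth.so \
                       debug
login  auth required   /lib/security/pam_unix_auth.so
"""

# The two lines from the message above.
HARDENED = """rlogin auth sufficient /lib/security/pam_rhosts_auth.so no_rhosts
rsh auth required /lib/security/pam_rhosts_auth.so no_rhosts debug
"""

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, rhosts_findings(conf) or "ok: no_rhosts set everywhere")
```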