current-users: Re: PAM enabled on head

Subject: Re: PAM enabled on head
To: Christos Zoulas <christos@tac.gw.com>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: current-users
Date: 03/09/2005 23:41:17
At 16:17 Uhr -0500 9.3.2005, Christos Zoulas wrote:
>In article <l03102802be550f32185e@172.16.7.4>,
>Hauke Fath  <hauke@Espresso.Rhein-Neckar.DE> wrote:
>>At 21:40 Uhr -0500 27.2.2005, Christos Zoulas wrote:
>>>Everything should work as expected, but if it does not, there is always
>>>send-pr.
>>
>>Does rsh work for anyone? I can send commands, connections are logged on
>>the rshd machine (mac68k, build date Mon Mar  7 18:17:30 UTC 2005), no
>>errors logged even with
>>
>>#auth           required        pam_rhosts.so           no_warn allow_root
>>auth            required        pam_rhosts.so           debug allow_root
>>
>>in pam.d/rsh, but no output whatsoever on the rsh client.
>
>PAM errors get logged with syslog.

With what facility? 'man pam_rhosts' only tells me

debug       syslog(3) debugging information at LOG_DEBUG level.

I suspected 'auth', but that wasn't it.

>Add a line like:
>
>*.debug							hauke
>
>in your syslog.conf...

That's better. From a 'rsh mara "cat /etc/hosts"' I get the described
silence on the client side and

Mar  9 23:33:30 mara inetd[1495]: connection from XXXX, service shell (tcp)
Mar  9 23:33:30 mara rshd[1495]: in openpam_dispatch(): calling
pam_sm_authenticate() in pam_rhosts.so
Mar  9 23:33:30 mara rshd[1495]: in pam_get_user(): entering
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): entering: PAM_USER
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): returning PAM_SUCCESS
Mar  9 23:33:30 mara rshd[1495]: in pam_get_user(): returning PAM_SUCCESS
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): entering: PAM_RUSER
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): returning PAM_SUCCESS
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): entering: PAM_RHOST
Mar  9 23:33:30 mara rshd[1495]: in pam_get_item(): returning PAM_SUCCESS
Mar  9 23:33:31 mara rshd[1495]: in openpam_dispatch(): pam_rhosts.so:
pam_sm_authenticate(): success
Mar  9 23:33:31 mara rshd[1495]: in openpam_dispatch(): calling
pam_sm_setcred() in pam_rhosts.so
Mar  9 23:33:31 mara rshd[1495]: in openpam_dispatch(): pam_rhosts.so:
pam_sm_setcred(): success

in the debug log.

Everyone involved seems happy - but me...

Any ideas what else I could check?

	hauke

--
/~\  The ASCII Ribbon Campaign
\ /    No HTML/RTF in email
 X     No Word docs in email
/ \  Respect for open standards