current-users: Re: PAM enabled on head

Subject: Re: PAM enabled on head
To: Christos Zoulas <christos@zoulas.com>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: current-users
Date: 03/13/2005 00:43:35
At 13:23 Uhr -0500 12.3.2005, Christos Zoulas wrote:
>| -- how do I make rshd dump core? Or attach a debugger to it?
>
>I see what the problem is... CVS update.

There is one more strange phenomenon here...

I use rsh to open an xterm that displays on another machine. Now, when I
issue the rsh command ("/usr/X11R6/bin/xterm -ls -sb  -sl 400 -display
q650:0.0"), the xterm pops up (timestamp 00:32:57), and the debuglog shows
the corresponding pam checks. When I exit from this xterm, a new xterm pops
up (timestamp 00:33:20), and the debuglog shows rshd syslog()ing a
connection - but without any pam checks.

Mar 13 00:32:57 mara inetd[3218]: connection from q650.causeuse.org,
service shell (tcp)
Mar 13 00:32:57 mara rshd[3218]: in openpam_dispatch(): calling
pam_sm_authenticate() in pam_rhosts.so
Mar 13 00:32:57 mara rshd[3218]: in pam_get_user(): entering
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): entering: PAM_USER
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): returning PAM_SUCCESS
Mar 13 00:32:57 mara rshd[3218]: in pam_get_user(): returning PAM_SUCCESS
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): entering: PAM_RUSER
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): returning PAM_SUCCESS
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): entering: PAM_RHOST
Mar 13 00:32:57 mara rshd[3218]: in pam_get_item(): returning PAM_SUCCESS
Mar 13 00:32:58 mara rshd[3218]: in openpam_dispatch(): pam_rhosts.so:
pam_sm_authenticate(): success
Mar 13 00:32:58 mara rshd[3218]: in openpam_dispatch(): calling
pam_sm_setcred() in pam_rhosts.so
Mar 13 00:32:58 mara rshd[3218]: in openpam_dispatch(): pam_rhosts.so:
pam_sm_setcred(): success
Mar 13 00:32:58 mara rshd[3275]: hauke@q650.causeuse.org as hauke:
cmd='/usr/X11R6/bin/xterm -ls -sb  -sl 400 -display q650:0.0'
Mar 13 00:33:20 mara rshd[3218]: hauke@q650.causeuse.org as hauke:
cmd='/usr/X11R6/bin/xterm -ls -sb  -sl 400 -display q650:0.0'

None of my non-pam machines ever did that. Could it be related to 'su'
prompting for a password twice on some machines (not happening here,
though)?

	hauke

--
/~\  The ASCII Ribbon Campaign
\ /    No HTML/RTF in email
 X     No Word docs in email
/ \  Respect for open standards