Date:      Mon, 16 Oct 2000 16:39:56 -0400 (EDT)
From:      Vivek Khera <khera@kciLink.com>
To:        "stable@FreeBSD.ORG" <stable@FreeBSD.ORG>
Subject:   Re: turning off rcmd is premature
Message-ID:  <14827.26524.933168.86478@onceler.kciLink.com>
In-Reply-To: <20001014154131.E13848@citusc17.usc.edu>
References:  <01C0351A.45CBF470.ggross@symark.com> <20001014154131.E13848@citusc17.usc.edu>

>>>>> "KK" == Kris Kennaway <kris@citusc.usc.edu> writes:

KK> Removing 1 character from inetd.conf and typing "kill -HUP `cat
KK> /var/run/inetd.pid`" is all that's required to enable a service again
KK> for your system, if you're one of those people who need or want to use
KK> one of them. That's not a big task.

No; the following is required:

fix /etc/inetd.conf
fix /etc/pam.conf
possibly fix /etc/hosts.allow

then HUP inetd.

The fix to /etc/pam.conf is not obvious.  The following is what one
would *expect* to work, but does not.  One must revert back to the
prior pam.conf line to make it work.  The error reported from pam is
"Conversation error":

rshd	auth	required	pam_unix.so			try_first_pass

this, however, does work:

rshd	auth	sufficient	pam_deny.so

but logs a warning in /var/log/messages prior to allowing the access.

But I still think that before these services were shut off by default,
the completion of functionality under ssh should have been done, i.e.,
rcmd(3) should be ssh-aware.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D.                Khera Communications, Inc.
Internet: khera@kciLink.com       Rockville, MD       +1-301-545-6996
GPG & MIME spoken here            http://www.khera.org/~vivek/
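
The three files named in the message above can be audited together to see whether the rcmd services are live on a host. This shell function is an added example, not part of the original message; the names `rcmd_audit` and `write_sample`, the sample file contents and the 192.0.2.0 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): audit the files the message
# names for live rcmd services. Sample file contents below are constructed.

# rcmd_audit INETD_CONF PAM_CONF HOSTS_ALLOW
# Prints one finding per line; returns 1 if inetd.conf has an active r-service.
rcmd_audit() {
    status=0
    # inetd.conf: field 1 is the service name; a leading '#' disables the line.
    awk '$1 ~ /^(shell|login|exec)$/ { print "inetd-enabled", $1, $6; n++ }
         END { exit (n > 0) }' "$1" || status=1
    # pam.conf: "service type control module [args]"; flag the pam_deny line
    # marked "sufficient" that the message reports as the working setting.
    awk '$1 ~ /^(rshd|rlogind|rexecd)$/ && $2 == "auth" {
             tag = ($3 == "sufficient" && $4 == "pam_deny.so") ? " deny-as-sufficient" : ""
             print "pam-auth " $1 " " $3 " " $4 tag }' "$2"
    # hosts.allow: any uncommented rule that names one of the daemons.
    if [ -r "$3" ]; then
        awk '$1 !~ /^#/ && /rshd|rlogind|rexecd/ { print "wrapper " $0 }' "$3"
    fi
    return $status
}

# write_sample DIR: constructed example files (rsh on, rlogin off).
write_sample() {
    cat > "$1/inetd.conf" <<'EOF'
shell stream tcp nowait root /usr/libexec/rshd rshd
#login stream tcp nowait root /usr/libexec/rlogind rlogind
EOF
    cat > "$1/pam.conf" <<'EOF'
rshd auth sufficient pam_deny.so
login auth required pam_unix.so try_first_pass
EOF
    cat > "$1/hosts.allow" <<'EOF'
# constructed rule
rshd : 192.0.2.0/255.255.255.0 : allow
EOF
}

demo=$(mktemp -d) && write_sample "$demo"
rcmd_audit "$demo/inetd.conf" "$demo/pam.conf" "$demo/hosts.allow" || echo "r-services are enabled"
rm -rf "$demo"
```

The non-zero return status makes the function usable as a periodic check that fails when an r-service line has been uncommented.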

