From owner-freebsd-bugs Thu Oct 14 8:20: 5 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id AF1591505E for ; Thu, 14 Oct 1999 08:20:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id IAA27510; Thu, 14 Oct 1999 08:20:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: by hub.freebsd.org (Postfix, from userid 32767) id 7508D14F6B; Thu, 14 Oct 1999 08:10:57 -0700 (PDT) Message-Id: <19991014151057.7508D14F6B@hub.freebsd.org> Date: Thu, 14 Oct 1999 08:10:57 -0700 (PDT) From: randy@psg.com To: freebsd-gnats-submit@freebsd.org X-Send-Pr-Version: www-1.0 Subject: misc/14326: kerberos4 pam-related breakage in current Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 14326 >Category: misc >Synopsis: kerberos4 pam-related breakage in current >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Oct 14 08:20:00 PDT 1999 >Closed-Date: >Last-Modified: >Originator: Randy Bush >Release: 4.0-current >Organization: ymbk >Environment: FreeBSD rip.psg.com 4.0-CURRENT FreeBSD 4.0-CURRENT #0: Tue Oct 12 05:55:02 PDT 1999 root@rip.psg.com:/usr/src/sys/compile/RIP i386 >Description: From: Randy Bush To: Mark Murray Subject: Re: k4 and -current Date: Wed, 13 Oct 1999 16:27:22 -0700 > OK - duplicate all the lines in pam.conf that begin with > "login", and replace the regex "^login" with "rlogind" for > the duplicated case. > Repeat except replace with "rshd". done # If you want KerberosIV authentication, uncomment the next line: login auth sufficient pam_kerberosIV.so try_first_pass shell auth sufficient pam_kerberosIV.so try_first_pass rlogind auth sufficient pam_kerberosIV.so try_first_pass rshd auth sufficient pam_kerberosIV.so try_first_pass > Let me know as much as possible about the failure after > that... roam.psg.com:/usr/home/randy> rsh rip ls rsh: kcmd: connection unexpectedly closed. Login incorrect. roam.psg.com:/usr/home/randy> rsh rip ls rsh: kcmd: connection unexpectedly closed. Login incorrect. roam.psg.com:/usr/home/randy> rsh -x rip ls rsh: kcmd: connection unexpectedly closed. rsh: the -x flag requires Kerberos authentication roam.psg.com:/usr/home/randy> rlogin rip rlogin: remote host doesn't support Kerberos: Connection refused ^C roam.psg.com:/usr/home/randy> rlogin -x rip rlogin: krcmd_mutual: Generic kerberos error (kfailure) rlogin: the -x flag requires Kerberos authentication Oct 13 16:22:00 rip rshd[84249]: connect from roam.psg.com Oct 13 16:22:00 rip rshd[84249]: no modules loaded for `rshd' service Oct 13 16:22:00 rip rshd[84249]: auth_pam: Permission denied Oct 13 16:22:00 rip rshd[84249]: PAM authentication failed Oct 13 16:22:00 rip rshd[84249]: randy@roam.psg.com as randy: permission denied. cmd='ls' Oct 13 16:22:51 rip rshd[84268]: connect from roam.psg.com Oct 13 16:22:51 rip rshd[84268]: connection from 147.28.0.38 on illegal port 5120 Oct 13 16:22:51 rip rshd[84269]: connect from roam.psg.com Oct 13 16:22:51 rip rshd[84269]: no modules loaded for `rshd' service Oct 13 16:22:51 rip rshd[84269]: auth_pam: Permission denied Oct 13 16:22:51 rip rshd[84269]: PAM authentication failed Oct 13 16:22:51 rip rshd[84269]: randy@roam.psg.com as randy: permission denied. cmd='ls' Oct 13 16:24:35 rip rshd[84313]: connect from roam.psg.com Oct 13 16:24:35 rip rshd[84313]: usage: rshd [-alnDL] Oct 13 16:24:51 rip rlogind[84326]: usage: rlogind [-Dalnx] Oct 13 16:24:51 rip rlogind[84326]: Connection from 147.28.0.38 on illegal port >How-To-Repeat: kerberos 4 rlogin/rsh to a -current host >Fix: >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message