From owner-freebsd-stable  Thu Nov  9  5:38:22 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from moriarity.grauel.com (moriarity.grauel.com [199.233.104.37])
	by hub.freebsd.org (Postfix) with ESMTP id 7055C37B479
	for <stable@FreeBSD.ORG>; Thu,  9 Nov 2000 05:38:19 -0800 (PST)
Received: (from rjk@localhost)
	by moriarity.grauel.com (8.11.1/8.11.1) id eA9Dbo248736;
	Thu, 9 Nov 2000 08:37:50 -0500 (EST)
	(envelope-from rjk)
From: Richard J Kuhns <rjk@grauel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <14858.43182.684154.605368@moriarity.grauel.com>
Date: Thu, 9 Nov 2000 08:37:50 -0500 (EST)
To: Tony Maher <Tony.Maher@eBioinformatics.com>
Cc: imp@village.org, stable@FreeBSD.ORG
Subject: Re: rsh problems
In-Reply-To: <200011090930.UAA04489@shad.au.int.en-bio.com>
References: <200011090930.UAA04489@shad.au.int.en-bio.com>
X-Mailer: VM 6.75 under 21.1 (patch 11) "Carlsbad Caverns" XEmacs Lucid
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Tony Maher writes:
 > > : rshd    auth    required    pam_deny.so
 > > : to
 > > : rshd    auth    sufficient  pam_deny.so
 > > : 
 > > : fixes the problem.
 > > : 
 > > : Should this be changed in CVS or is there some reason why it should remain
 > > : 'required'?
 > > 
 > > I think it should be changed back.  We're going to get a lot of
 > > questions about this, I think.
 > 
 > Hmm - turns out the above is not the whole solution but a partial hack.
 > 
 > freebsd> rsh office
 > Password:
 > 
 > works but /var/log/messages gives:
 > Nov  9 20:20:17 office rlogind[10201]: auth_pam: Permission denied
 > Nov  9 20:20:17 office rlogind[10201]: PAM authentication failed
 > 
 > Something still screwy with this (or is it just me!).
 > Sorry but I don't have the expertise or time to debug this and 4.2 due real
 > soon :-(
 > 

I mentioned this about a week ago, but didn't get any response.
/usr/src/libexec/rshd/rshd.c was changed in -current to remove PAM support
(v1.33), but it was never MFCed.  /etc/pam.conf, however, was (more or
less).  v1.6.2.1 (-stable) changed "sufficient" to "required" for some
reason, and v1.8 (-current only) removed the rshd line entirely.

-- 
Richard Kuhns			rjk@grauel.com
PO Box 6249			Tel: (765)477-6000 \
100 Sawmill Road				    x319
Lafayette, IN  47903		     (800)489-4891 /


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message