On Fri, Apr 22, 2005 at 05:02:55PM +0200, Vincent Arnoux wrote:
> I am trying to set up on a Fedora Core 3 pc the rsh server... and
> failing for the moment.
> I have the following message in /var/messages :
> Apr 20 14:21:26 asma001 pam_rhosts_auth[8950]: denied to
> vincent@xxxxxxxxxxxxx as varnoux: access not allowed
> Apr 20 14:21:26 asma001 in.rshd[8950]: rsh denied to
> vincent@xxxxxxxxxxxxx as varnoux: Permission denied.
>
> What I don't understand is that I changed all authorization files I
> found involved in rsh permissions. This system is on an intranet, so I
> can desactivate any security I want, but rsh server MUST work.
[snip]
> [root@asma001 varnoux]# cat /etc/hosts.equiv
> +
> [root@asma001 varnoux]# cat .rhosts
> + +
Ah, you need to add "promiscuous" to the set of options which you're
passing to the pam_rhosts_auth.so module in /etc/pam.d/rsh. The module
deviates from the historic behavior by NOT treating "+" as a wildcard
unless this option is given. [1]
Note that if you run "rsh" without any arguments, it invokes "rlogin",
so you may want to modify the PAM configuration for rlogind similarly.
HTH,
Nalin
[1] See the Linux-PAM System Administrator's Guide, in various formats
under /usr/share/doc/pam-*, for more info.
