From owner-freebsd-current Tue Apr 11 8:51: 8 2000 Delivered-To: freebsd-current@freebsd.org Received: from wall.polstra.com (rtrwan160.accessone.com [206.213.115.74]) by hub.freebsd.org (Postfix) with ESMTP id 97D4037BAC1 for ; Tue, 11 Apr 2000 08:51:03 -0700 (PDT) (envelope-from jdp@polstra.com) Received: from vashon.polstra.com (vashon.polstra.com [206.213.73.13]) by wall.polstra.com (8.9.3/8.9.3) with ESMTP id IAA28772; Tue, 11 Apr 2000 08:50:58 -0700 (PDT) (envelope-from jdp@polstra.com) From: John Polstra Received: (from jdp@localhost) by vashon.polstra.com (8.9.3/8.9.1) id IAA05779; Tue, 11 Apr 2000 08:50:57 -0700 (PDT) (envelope-from jdp@polstra.com) Date: Tue, 11 Apr 2000 08:50:57 -0700 (PDT) Message-Id: <200004111550.IAA05779@vashon.polstra.com> To: thyerm@camtech.net.au Subject: Re: error reports by rshd in /var/log/messages In-Reply-To: References: Organization: Polstra & Co., Seattle, WA Cc: current@freebsd.org Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In article , Matthew Sean Thyer wrote: > > The way PAM works, that will let _anybody_ login via rsh without a > > password. I don't think it's what you want. > > Wont this only happen when rshd becomes PAMerised ? or has that > happened already ? I haven't been following PAM closely as it is now maintained by Mark Murray . Also, I never use rsh. But rshd must have been PAMerized already -- otherwise it couldn't emit the messages you reported. > If its already been done, why the console messages ? Probably you got the messages because your pam.conf file wasn't up-to-date. Here's what I see in "src/etc/pam.conf": # r-utils are broken; ensure this doesn't bother folk rshd auth sufficient pam_deny.so These lines were added on January 4th by markm. John -- John Polstra jdp@polstra.com John D. Polstra & Co., Inc. Seattle, Washington USA "Disappointment is a good sign of basic intelligence." -- Chögyam Trungpa To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message