Date: Mon, 16 Oct 2000 16:39:56 -0400 (EDT) From: Vivek Khera <khera@kciLink.com> To: "stable@FreeBSD.ORG" <stable@FreeBSD.ORG> Subject: Re: turning off rcmd is premature Message-ID: <14827.26524.933168.86478@onceler.kciLink.com> In-Reply-To: <20001014154131.E13848@citusc17.usc.edu> References: <01C0351A.45CBF470.ggross@symark.com> <20001014154131.E13848@citusc17.usc.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
>>>>> "KK" == Kris Kennaway <kris@citusc.usc.edu> writes: KK> Removing 1 character from inetd.conf and typing "kill -HUP `cat KK> /var/run/inetd.pid`" is all thats required to enable a service again KK> for your system, if you're one of those people who need or want to use KK> one of them. Thats not a big task. No; the following is required: fix /etc/inetd.conf fix /etc/pam.conf possibly fix /etc/hosts.allow then HUP inetd. The fix to /etc/pam.conf is not obvious. The following is what one would *expect* to work, but does not. One must revert back to the prior pam.conf line to make it work. The error reported from pam is "Conversation error": rshd auth required pam_unix.so try_first_pass this, however, does work: rshd auth sufficient pam_deny.so but logs a warning in /var/log/messages prior to allowing the access. But I still think that before these services were shut off by default, the completion of functionality under ssh should have been done, ie, rcmd(3) should be ssh-aware. -- =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Vivek Khera, Ph.D. Khera Communications, Inc. Internet: khera@kciLink.com Rockville, MD +1-301-545-6996 GPG & MIME spoken here http://www.khera.org/~vivek/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14827.26524.933168.86478>