Date: Thu, 14 Oct 1999 08:10:57 -0700 (PDT) From: randy@psg.com To: freebsd-gnats-submit@freebsd.org Subject: misc/14326: kerberos4 pam-related breakage in current Message-ID: <19991014151057.7508D14F6B@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 14326
>Category: misc
>Synopsis: kerberos4 pam-related breakage in current
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Oct 14 08:20:00 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: Randy Bush
>Release: 4.0-current
>Organization:
ymbk
>Environment:
FreeBSD rip.psg.com 4.0-CURRENT FreeBSD 4.0-CURRENT #0: Tue Oct 12 05:55:02 PDT 1999 root@rip.psg.com:/usr/src/sys/compile/RIP i386
>Description:
From: Randy Bush <randy@psg.com>
To: Mark Murray <mark@grondar.za>
Subject: Re: k4 and -current
Date: Wed, 13 Oct 1999 16:27:22 -0700
> OK - duplicate all the lines in pam.conf that begin with
> "login", and replace the regex "^login" with "rlogind" for
> the duplicated case.
> Repeat except replace with "rshd".
done
# If you want KerberosIV authentication, uncomment the next line:
login auth sufficient pam_kerberosIV.so try_first_pass
shell auth sufficient pam_kerberosIV.so try_first_pass
rlogind auth sufficient pam_kerberosIV.so try_first_pass
rshd auth sufficient pam_kerberosIV.so try_first_pass
> Let me know as much as possible about the failure after
> that...
roam.psg.com:/usr/home/randy> rsh rip ls
rsh: kcmd: connection unexpectedly closed.
Login incorrect.
roam.psg.com:/usr/home/randy> rsh rip ls
rsh: kcmd: connection unexpectedly closed.
Login incorrect.
roam.psg.com:/usr/home/randy> rsh -x rip ls
rsh: kcmd: connection unexpectedly closed.
rsh: the -x flag requires Kerberos authentication
roam.psg.com:/usr/home/randy> rlogin rip
rlogin: remote host doesn't support Kerberos: Connection refused
^C
roam.psg.com:/usr/home/randy> rlogin -x rip
rlogin: krcmd_mutual: Generic kerberos error (kfailure)
rlogin: the -x flag requires Kerberos authentication
Oct 13 16:22:00 rip rshd[84249]: connect from roam.psg.com
Oct 13 16:22:00 rip rshd[84249]: no modules loaded for `rshd' service
Oct 13 16:22:00 rip rshd[84249]: auth_pam: Permission denied
Oct 13 16:22:00 rip rshd[84249]: PAM authentication failed
Oct 13 16:22:00 rip rshd[84249]: randy@roam.psg.com as randy: permission denied. cmd='ls'
Oct 13 16:22:51 rip rshd[84268]: connect from roam.psg.com
Oct 13 16:22:51 rip rshd[84268]: connection from 147.28.0.38 on illegal port 5120
Oct 13 16:22:51 rip rshd[84269]: connect from roam.psg.com
Oct 13 16:22:51 rip rshd[84269]: no modules loaded for `rshd' service
Oct 13 16:22:51 rip rshd[84269]: auth_pam: Permission denied
Oct 13 16:22:51 rip rshd[84269]: PAM authentication failed
Oct 13 16:22:51 rip rshd[84269]: randy@roam.psg.com as randy: permission denied. cmd='ls'
Oct 13 16:24:35 rip rshd[84313]: connect from roam.psg.com
Oct 13 16:24:35 rip rshd[84313]: usage: rshd [-alnDL]
Oct 13 16:24:51 rip rlogind[84326]: usage: rlogind [-Dalnx]
Oct 13 16:24:51 rip rlogind[84326]: Connection from 147.28.0.38 on illegal port
>How-To-Repeat:
kerberos 4 rlogin/rsh to a -current host
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19991014151057.7508D14F6B>