SUMMARY: rsh gives "insufficient credentials"

From: Nicole Skyrca (nskyrca@syr.edu)
Date: Tue Nov 11 2003 - 10:28:34 EST

Hi,
I fixed this problem by putting in an old pam.conf file. Here is the
"authentication management" section
of the pam.conf that works:

# Authentication management
#
login auth requisite pam_authtok_get.so.1
login auth required pam_dhkeys.so.1
login auth required pam_unix_auth.so.1
login auth required pam_dial_auth.so.1
#
rlogin auth required pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
#
dtlogin auth requisite pam_authtok_get.so.1
dtlogin auth required pam_dhkeys.so.1
dtlogin auth required pam_unix_auth.so.1
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1

Nicole

----------Original Post -----------------------

Hello,
I have a user who is trying to use rsh to execute a command on a remote
machine, but when he does he gets the error "insufficient credentials". The
user has "+ username" in his .rhosts file. The command they are running from
machine A to B is "rsh -l username B ls".

I found something on the web saying that for this to work, the /etc/pam.conf
entries for rsh should be like the following, but when I use these settings,
I
am no longer able to "su" to root. It just says "su: Sorry". I've also tried
using the "pam_unix.so.1" module, but no luck.

   rsh auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rsh auth required /usr/lib/security/$ISA/pam_unix_auth.so.1

The local machine (A) is runnig Solaris 8 HW 5/03, and has patch 108993-26.
The remote machine (B) is running Solaris 8 HW 5/03 with patch 108993-22
installed.

The "authentication management" portion of the /etc/pam.conf for machine A
   is:

   # Authentication management
   #
   login auth required /usr/lib/security/$ISA/pam_unix.so.1
   login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
   #
   rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
   #
   dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
   #
   rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   other auth required /usr/lib/security/$ISA/pam_unix.so.1

The "authentication management" portion of the /etc/pam.conf for machine B
   is:

   # Authentication management
   #
   login auth required /usr/lib/security/$ISA/pam_unix.so.1
   login auth required /usr/lib/security/$ISA/pam_dial_auth.so.1
   #
   rlogin auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
   #
   dtlogin auth required /usr/lib/security/$ISA/pam_unix.so.1
   #
   rsh auth required /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   other auth required /usr/lib/security/$ISA/pam_unix.so.1

   How could I fix this problem?

   Thanks!
   Nicole

Nicole Skyrca
Syracuse University
Computing and Media Services
Machinery Hall
315-443-5310
nskyrca@syr.edu
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:27:27 EDT