Solaris 8 .rhosts file with automounted home & LDAP

From: Patrick Cable (cable@ll.mit.edu)
Date: Wed Feb 13 2008 - 10:26:23 EST

• Next message: Eric Deblon: "mpxio with iscsi disks"
• Previous message: Vincent/Violet: "VMware Win2k3 Cluster : physical & virtual ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm attempting to set-up Solaris 8 to authenticate and load it's
automount maps from LDAP. I have that part working great (even with
OpenLDAP). However, we currently use RSH, and many of our users have an
rhosts file that is in their $HOME (which is automounted) to simplify
authentication. In the examples below, there is an .rhosts file that
allows logins from the host "flab"

When I attempt to connect as a regular user (with an automounted home
directory), I get the following:

[1001][cable@flab:~]$ rsh -l cable ldaptest
Login incorrect
rlogin: connection closed.

Output from auth.debug facility on ldaptest shows:
Feb 13 09:59:52 ldaptest login: [ID 468494 auth.crit] login account
failure: Authentication failed

When I attempt to connect as root (no automouted home), it works fine:
[root@flab ~]# rsh ldaptest
Last login: Wed Feb 13 09:49:28 from flab
bash-2.03#

Authentication section of pam.conf includes:
login auth required pam_unix.so.1
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth sufficient pam_unix.so.1
rlogin auth required pam_ldap.so.1 try_first_pass
#dtlogin auth required pam_dhkeys.so.1
#dtlogin auth sufficient pam_unix_auth.so.1
#dtlogin auth required pam_ldap.so.1 use_first_pass
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth sufficient pam_unix.so.1
rsh auth required pam_ldap.so.1 try_first_pass
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth sufficient pam_unix_auth.so.1
other auth required pam_ldap.so.1 try_first_pass
passwd auth sufficient pam_unix.so.1
passwd auth required pam_ldap.so.1 try_first_pass

Password authentication for users with automounted homes works fine.
rhosts authentication for users with automounted homes on our NIS+
server works fine. Just not with LDAP. Any ideas?
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Eric Deblon: "mpxio with iscsi disks"
• Previous message: Vincent/Violet: "VMware Win2k3 Cluster : physical & virtual ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:42:46 EDT