disable telnet enable rsh with PAM

From: Ors Tiszay (ETH) (Ors.Tiszay@eth.ericsson.se)
Date: Wed Apr 16 2003 - 12:16:42 EDT

• Next message: Mike's List: "SUMMARY: Attempted hacking???"
• Previous message: Dave Martini: "SUMMARY: swap and /tmp don't match up"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi

I have 10 Solaris 8 machines in a protected network. I would like to disable telnet access as root, but in the same time I want to allow root to rsh from one machine to another.
At first I thought that it's fairly simple, and all I have to do is edit /etc/pam.conf, but try as I might, I still get:

# rsh iw
Not on system console
Connection closed.
                            
Now I know that I get this because I have the line
CONSOLE=/dev/console
in my /etc/default/login, but that should only matter for login, not for rsh, shouldn't it?

I have this in /etc/pam.conf:

rsh auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
rsh account optional /usr/lib/security/$ISA/pam_unix.so.1
rsh session optional /usr/lib/security/$ISA/pam_unix.so.1

What's wrong?

Ors
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Next message: Mike's List: "SUMMARY: Attempted hacking???"
• Previous message: Dave Martini: "SUMMARY: swap and /tmp don't match up"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:12 EDT