PAM/rlogin/securetty buglet - rlogin as root. (SOLUTION: rlogin as root fails)

Wed, 29 Apr 1998 14:52:20 -0400 


I know that allowing root rlogin is ill advised, but for our
particular situation we *needed it*.

For the longest time I couldn't get it to work - whenever you rlogin
to a machine as root, even if you have a valid .rhosts file, you still 
got prompted for the passsword.

On top of this, it would *ignore* the first password you'd enter,
whether or not the password was valid!

Doing some digging, I found that the problem was occuring whether or
not pam_rhosts_ok was allowing or barring access for that user...

So, I turned on the 'debug' options in the pam.d/rlogin file and
here's what I found:

---------------------------
Apr 29 14:57:29 zathrus PAM-securetty[18384]: access denied: tty 'tty' is not secure !
Apr 29 14:57:29 zathrus pam_rhosts_auth[18384]: allowed to [EMAIL PROTECTED] as chris
Apr 29 14:57:46 zathrus PAM_pwdb[18384]: PAM authentication failed for in.rlogind

<then finally, after entering the correct password twice, it lets me in..>

Apr 29 14:57:54 zathrus PAM_pwdb[18385]: (login) session opened for
user chris by (uid=0)
Apr 29 14:57:54 zathrus PAM_pwdb[18385]: ROOT LOGIN ON ttyp2 FROM kosh
----------------------------

Hrrm, this line:
Apr 29 14:57:29 zathrus PAM-securetty[18384]: access denied: tty 'tty'
is not secure !

looks *AWFULLY* fishy!  So I added 'tty' to /etc/securetty and now
everything works as advertised!

So...

* Firstly - should 'rlogin' be reporting that the login tty is called
'tty' as opposed to the actual tty which is like, /dev/ttyp2 ?

* Secondly - If the above behaviour is correct, perhaps it should be
documented somewhere?

Thanks,
-Chris P.
______________________________________________________________________
Chris Patti          [EMAIL PROTECTED]          Systems Wrangler      
Central Services - Entropy Reduction Specialist At Large 
----------------------------------------------------------------------


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
         To unsubscribe: mail [EMAIL PROTECTED] with 
                       "unsubscribe" as the Subject.

Reply via email to