Re: root and .rhosts file

1997-09-15 Thread Martin Schulze 
On Sep 15, Jeppe Buk wrote

  Try adding -h after rshd in your /etc/inetd.conf. This flag allows
  your in.rshd to use the root .rhosts file. Without it /root/.rhosts
  will be silently ignored.
 
 That did it! The option isn't mentioned in the man page. How was I
 supposed to have found this out myself?

Please send an appropriate bug report against netstd.

Regards,

Joey

-- 
Individual Network e.V. _/ 27./28.9.97: Kongress des IN e.V.
[EMAIL PROTECTED] _/http://www.individual.net/congress/
Tel: (0441) 98347-15  _/ Highlights: Richard Stallmann, Bruce Perens


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file

1997-09-15 Thread Jeppe Buk 
On Mon, 15 Sep 1997, Bengt-Ove Johansson wrote:

  I'm a student programmer at the Dept. of Mathematics and Computer Science,
  Odense University in Denmark.
  
  I've installed Debian 1.2 on one of our PC's in the Unix network. This
  works great (not surprisingly).
  
  Now I've installed Debian 1.3.1 on another PC, and I can't get this new
  machine to accept root rsh requests from our primary server (running
  SunOS), or any other machine, for that matter. Both Debian machines have
  the same .rhosts file in the root homedir, but the 1.3.1 host gives
  permission denied replies.
 
 Try adding -h after rshd in your /etc/inetd.conf. This flag allows
 your in.rshd to use the root .rhosts file. Without it /root/.rhosts
 will be silently ignored.

That did it! The option isn't mentioned in the man page. How was I
supposed to have found this out myself?

 I think I saw a mail on this list a while ago about that flag being
 removed.

It isn't used on the 1.2 host. The first thing I did was compare their
inetd.conf :-)

  I'm lost, and if I don't solve the problem my system manager will not let
  me install Debian on new PCs in the department (Not Good!).
 
 That would be awful!!

My thought exactly!

 I hope things work out for you. Let me now how it turns out.

They did.

Regards,
---
Jeppe Buk, student of computer science   Phone:   +45 6557 2347
IMADA, Odense University Email: [EMAIL PROTECTED]
Campusvej 55  WWW: http://www.imada.ou.dk/~buk/
DK-5230 Odense M, Denmark   SMS (subject only): [EMAIL PROTECTED]
---


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? 
e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file

1997-09-15 Thread Bengt-Ove Johansson 
On Wed, Sep 10, 1997 at 03:53:42PM +0200, Jeppe Buk wrote:
 Hi
 
 I'm a student programmer at the Dept. of Mathematics and Computer Science,
 Odense University in Denmark.
 
 I've installed Debian 1.2 on one of our PC's in the Unix network. This
 works great (not surprisingly).
 
 Now I've installed Debian 1.3.1 on another PC, and I can't get this new
 machine to accept root rsh requests from our primary server (running
 SunOS), or any other machine, for that matter. Both Debian machines have
 the same .rhosts file in the root homedir, but the 1.3.1 host gives
 permission denied replies.
 

Try adding -h after rshd in your /etc/inetd.conf. This flag allows
your in.rshd to use the root .rhosts file. Without it /root/.rhosts
will be silently ignored.

I think I saw a mail on this list a while ago about that flag being
removed.

BTW, rlogin works the same.

 BTW: I'm not using shadow passwords on any of the systems.
 
 I'm lost, and if I don't solve the problem my system manager will not let
 me install Debian on new PCs in the department (Not Good!).
 

That would be awful!!

I hope things work out for you. Let me now how it turns out.

Cheers,
Bengt-Ove!


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file

1997-09-15 Thread Philippe Troin 

On Mon, 15 Sep 1997 16:13:43 +0200 Martin Schulze ([EMAIL PROTECTED]
ual.net) wrote:

 On Sep 15, Jeppe Buk wrote
 
   Try adding -h after rshd in your /etc/inetd.conf. This flag allows
   your in.rshd to use the root .rhosts file. Without it /root/.rhosts
   will be silently ignored.
  
  That did it! The option isn't mentioned in the man page. How was I
  supposed to have found this out myself?
 
 Please send an appropriate bug report against netstd.

Not necessary.

From `man rshd':
 8.   Rshd then validates the user using ruserok(3),  which uses the file
  /etc/hosts.equiv and the .rhosts file found in the user's home di­
  rectory. The -l option prevents ruserok(3) from doing any validation
  based on the user's ``.rhosts'' file (unless the user is the supe­
  ruser and the -h option is used.) If the -h option is not used, su­
  peruser accounts may not be accessed via this service at all.

Phil.



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] .
Trouble?  e-mail to [EMAIL PROTECTED] .

root and .rhosts file (again)

1997-09-11 Thread Jeppe Buk 
Hi

Thanks for all the answers I got to my original message. I'm afraid you
all misunderstood my question, though.

I am not interested in allowing remote root logins to my machine. Only rsh
and friends (like rcp). To illustrate, this is a transcript from a short
session from our primary server (the one requiring rsh access to the
debian hosts):

To the machine working correctly:
|-
| # rsh deb1 date
| Thu Sep 11 15:12:48 MET DST 1997
|
| # rlogin deb1
| root login refused on this terminal.
|
| deb1 login: 
|-

To the debian 1.3.1 machine:
|-
| # rsh deb2 date
| Permission denied.
|
| # rlogin deb2
| Password: 
|-

Both machines have the same entry in root's .rhosts file, and 'deb1'
also fails if that entry is removed.

Regards,
---
Jeppe Buk, student of computer science   Phone:   +45 6557 2347
IMADA, Odense University Email: [EMAIL PROTECTED]
Campusvej 55  WWW: http://www.imada.ou.dk/~buk/
DK-5230 Odense M, Denmark   SMS (subject only): [EMAIL PROTECTED]
---
Software is like sex; it's better when it's free. (Linus Torvalds)



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . Trouble? 
e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file (again)

1997-09-11 Thread joost witteveen 
 Hi
 
 Thanks for all the answers I got to my original message. I'm afraid you
 all misunderstood my question, though.
 
 I am not interested in allowing remote root logins to my machine. Only rsh
 and friends (like rcp). To illustrate, this is a transcript from a short
 session from our primary server (the one requiring rsh access to the
 debian hosts):
 
 To the machine working correctly:
 |-
 | # rsh deb1 date
 | Thu Sep 11 15:12:48 MET DST 1997
 |
 | # rlogin deb1
 | root login refused on this terminal.
 |
 | deb1 login: 


Why do you think that is correctly? Do you think a mashine not
allowing root logins, while it does allow

  rsh deb1 sh -c 'dd if=/dev/null of=/dev/hda'

working correctly (don't try it!)? At least I think the new behaviour

 To the debian 1.3.1 machine:
 |-
 | # rsh deb2 date
 | Permission denied.
 |
 | # rlogin deb2
 | Password: 
 |-

Is consistant, and preferable.

-- 
joost witteveen, [EMAIL PROTECTED]
#!/usr/bin/perl -sp0777iX+d*lMLa^*lN%0]dsXx++lMlN/dsM0j]dsj
$/=unpack('H*',$_);$_=`echo 16dio\U$kSK$/SM$n\EsN0p[lN*1
lK[d2%Sa2/d0$^Ixp|dc`;s/\W//g;$_=pack('H*',/((..)*)$/)
#what's this? see http://www.dcs.ex.ac.uk/~aba/rsa/


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file (again)

1997-09-11 Thread Jim Pick 

I think somebody said this already, but I'll repeat it.

Use ssh.

It's more secure, and easier to figure out.

The only downside it that it is non-free (only for non-commercial use) 
and non-US (can be used in the US, but not exported).

Cheers,

 - Jim




pgpsqHstBS8EG.pgp
Description: PGP signature

root and .rhosts file

1997-09-10 Thread Jeppe Buk 
Hi

I'm a student programmer at the Dept. of Mathematics and Computer Science,
Odense University in Denmark.

I've installed Debian 1.2 on one of our PC's in the Unix network. This
works great (not surprisingly).

Now I've installed Debian 1.3.1 on another PC, and I can't get this new
machine to accept root rsh requests from our primary server (running
SunOS), or any other machine, for that matter. Both Debian machines have
the same .rhosts file in the root homedir, but the 1.3.1 host gives
permission denied replies.

BTW: I'm not using shadow passwords on any of the systems.

I'm lost, and if I don't solve the problem my system manager will not let
me install Debian on new PCs in the department (Not Good!).

---
Jeppe Buk, student of computer science   Phone:   +45 6557 2347
IMADA, Odense University Email: [EMAIL PROTECTED]
Campusvej 55  WWW: http://www.imada.ou.dk/~buk/
DK-5230 Odense M, Denmark   SMS (subject only): [EMAIL PROTECTED]
---
Software is like sex; it's better when it's free. (Linus Torvalds)


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file

1997-09-10 Thread Ferenc Kiraly 
Hi!

 Now I've installed Debian 1.3.1 on another PC, and I can't get this new
 machine to accept root rsh requests from our primary server (running
 SunOS), or any other machine, for that matter. Both Debian machines have
 the same .rhosts file in the root homedir, but the 1.3.1 host gives
 permission denied replies.

This is a feature, not a bug. It is because root is by default allowd login 
only on some ttys. On my system (Debian 1.3.1) these ttys are listed in 
/etc/securetty and I think this is the default. Also see the CONSOLE entry 
in /etc/login.defs and play around with /etc/login.access. In these files you
can turn off the restriction that root cannot log in directly from remote 
machines or you can specify the machines from which root can log in, 
which is a little better.

feri.


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file

1997-09-10 Thread Brandon Mitchell 
It's a security hole (probably a simple dns spoof would gain root on
either machine.  And while I'm on the topic of security here, I'd suggest
ssh instead (harder, if not impossible to spoof).  But if you feel risky,
I think it is caused by the following:

[EMAIL PROTECTED](p1):bhmit1$ more /etc/securetty 
# /etc/securetty: list of terminals on which root is allowed to login.
# See securetty(5) and login(1).
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8

HTH,
Brandon

-
Brandon Mitchell E-mail: [EMAIL PROTECTED]
  Homepage: http://www.geocities.com/SiliconValley/7877/home.html
  PGP: finger -l [EMAIL PROTECTED] 
We all know Linux is great...it does infinite loops in 5 seconds.
--Linus Torvalds


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .

Re: root and .rhosts file; kerberos

1997-09-10 Thread Rick Hawkins 

On a similar vein, has anyone managed to make debian  kerberos machines talk 
this way?

mit has .rpm packages of kerberos  afs.  However, alien gives plenty of 
nonstandard executable location errors when converting.  Also, kerberos 
versions of some programs should (apparently) replace regular versions, but 
this information wouldn't be included in the .deb.

I have gotten a response hre at ISU, which kindly explains how to modify the 
source of my pop client :)

anyway, it seems I need kerberos to get my pop-3 mail and to rsh to the 
university machines.

rick



--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to
[EMAIL PROTECTED] . 
Trouble?  e-mail to [EMAIL PROTECTED] .