SUMMARY: rsh gives "insufficient credentials"

From: Nicole Skyrca <nskyrca_at_syr.edu>
Date: Tue Nov 11 2003 - 10:28:34 EST
Hi,
I fixed this problem by putting in an old pam.conf file.  Here is the
"authentication management" section
of the pam.conf that works:

# Authentication management
#
login   auth requisite          pam_authtok_get.so.1
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
#
rlogin  auth required   pam_rhosts_auth.so.1
rlogin  auth requisite          pam_authtok_get.so.1
rlogin  auth required           pam_dhkeys.so.1
rlogin  auth required           pam_unix_auth.so.1
#
dtlogin auth requisite          pam_authtok_get.so.1
dtlogin auth required           pam_dhkeys.so.1
dtlogin auth required           pam_unix_auth.so.1
#
rsh     auth sufficient         pam_rhosts_auth.so.1
rsh     auth required           pam_unix_auth.so.1
other   auth requisite          pam_authtok_get.so.1
other   auth required           pam_dhkeys.so.1
other   auth required           pam_unix_auth.so.1


Nicole



----------Original Post -----------------------

Hello,
I have a user who is trying to use rsh to execute a command on a remote
machine, but when he does he gets the error "insufficient credentials".  The
user has "+ username" in his .rhosts file.  The command they are running from
machine A to B is "rsh -l username B ls".



I found something on the web saying that for this to work, the /etc/pam.conf
entries for rsh should be like the following, but when I use these settings,
I
am no longer able to "su" to root. It just says "su: Sorry". I've also tried
using the "pam_unix.so.1" module, but no luck.

   rsh     auth sufficient  /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rsh   auth required   /usr/lib/security/$ISA/pam_unix_auth.so.1



The local machine (A) is runnig Solaris 8 HW 5/03, and has patch 108993-26.
The remote machine (B) is running Solaris 8 HW 5/03 with patch 108993-22
installed.

The "authentication management" portion of the /etc/pam.conf for machine A
   is:

   # Authentication management
   #
   login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
   login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
   #
   rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
   #
   dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
   #
   rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   other   auth required   /usr/lib/security/$ISA/pam_unix.so.1




The "authentication management" portion of the /etc/pam.conf for machine B
   is:

   # Authentication management
   #
   login   auth required   /usr/lib/security/$ISA/pam_unix.so.1
   login   auth required   /usr/lib/security/$ISA/pam_dial_auth.so.1
   #
   rlogin  auth sufficient /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   rlogin  auth required   /usr/lib/security/$ISA/pam_unix.so.1
   #
   dtlogin auth required   /usr/lib/security/$ISA/pam_unix.so.1
   #
   rsh     auth required   /usr/lib/security/$ISA/pam_rhosts_auth.so.1
   other   auth required   /usr/lib/security/$ISA/pam_unix.so.1


   How could I fix this problem?

   Thanks!
   Nicole

Nicole Skyrca
Syracuse University
Computing and Media Services
Machinery Hall
315-443-5310
nskyrca@syr.edu
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Nov 11 10:33:28 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:22 EST