FW: [Slightly OT] 6.1 Root Login troubles
Many of your questions may have already been answered in earlier discussions or in the FAQ. The search results page will indicate current discussions as well as past list serves, articles, and papers.
Ward William E PHDN wardwe at nswcphdn.navy.milMon Jun 19 12:22:40 PDT 2000
- Previous message: performance.
- Next message: Athlon + PC133: no ECC?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This is slightly OT, because it doesn't concern one of my actual Beowulf nodes, and instead is one of the workstations I've set aside, but it's close to the issues that concern Beowulf security, so I thought I'd throw it out here to be looked at. One of my workstations recently had to be reinstalled (my fault... I accidentally hit the power switch during an upgrade from 5.2 to 6.1) and so, after a complete install, I needed to reset the machine's login capabilities, specifically, I need to allow root to login and telnet in. Since the machine is NOT in my cluster, I don't want to allow standard rsh or ssh, but I do want to allow rlogin (yes, I know, I should be using ssh and slogin) since it can be seen by anyone on the internal network (it's on a secure network, but is still much more exposed than in a cluster). By using my own knowledge, I was able to modify the /etc/pam.d/rlogin file to allow root logins... but I ran into a problem. If I set up pam to be permissive, it will allow normal users to simply type their name without requiring a password (during LOGIN, not rlogin... I'm talking someone at the console, here). Root needs to have the root password, but can login normally... I reverted to the original /etc/pam.d/rlogin file, and modified it to be less permissive, and voila, mission accomplished. Normal users can login as normal, and root can do an rlogin... BUT, there's a catch. When root does an rlogin I get the following: wew at otherhost> su passwd: [root at otherhost]# rlogin pigpen passwd: passwd: [root at pigpen]# In other words, it asks for the password twice (but only for root) before accepting the password and letting me in. If I don't properly enter the password, I cannot login. While this is an annoyance for a user, it's not an unlivable situation, except that I also have a cron job that goes to every one of my machines to do remote backups (Veritas Netbackup) and this breaks those scripts for pigpen (and since they are commercial, I can't modify them...) I finally broke down (when all else fails, read the manual) and checked the Beowulf howto... and I'm exactly correct as near as I can tell with what I've done, i.e., I'm "by the book", if I was trying to open up the node but not putting in the remote hosts in my /etc/hosts.equiv nor putting in .rhosts files for root, which would imply that I should only require the user to login. Oh, and since it's an obvious question, the reason I can do a restore is that Netbackup can't logon to the machine... a perfect Catch-22. The backups are perfect, I just can get them to the machine that needs them. This all worked properly under 5.2, but doesn't work under 6.1 with the fresh install... anyone have any ideas? Note, I haven't upgraded any packages; this machine doesn't have internet access, but I can get the rpms onto it if that's the final verdict. Sorry for straying somewhat off-topic, but thanks in advance. R/William Ward
- Previous message: performance.
- Next message: Athlon + PC133: no ECC?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Beowulf mailing list