[13038] in North American Network Operators' Group
Re: OK.
daemon@ATHENA.MIT.EDU (Jamie Rishaw)
Sat Oct 25 13:25:47 1997
To: tstroup@fibernet.net (Todd R. Stroup)
Date: Sat, 25 Oct 1997 13:19:07 -0400 (EDT)
Cc: cosmo@olywa.net, alex@nac.net, nanog@merit.edu
In-Reply-To: <Pine.SGI.3.91.971025003927.14896A-100000@optical> from "Todd R. Stroup" at "Oct 25, 97 00:48:19 am"
From: jamie@intuition.iagnet.net (Jamie Rishaw)
Reply-To: jamie@intuition.iagnet.net
Todd R. Stroup wrote:
>
> Looking at the source for the looking-glass though it doesn't use the
> username option for rsh command. When useing the cisco command below
> don't you have to use the rsh username?
>
> ip rcmd remote-host www 206.183.224.12 nobody
>
> I changed the ip of the $ROUTER in lg.pl to
> "www\@ipaddress.of.router" instead of "ipaddress.of.router"
> which seems to work. I kept getting Permission Denied without it.
You need to make sure that in 'ip rcmd' that you have local-username
defined to something that there is a 'username xxx' entry on the cisco for.
In other words, if you have (sorry syntax is probably not correct):
ip rcmd remote-host joebob lookingglass.yourcompany.com daemon enable
you have to have a
'username joebob' entry on the cisco as well.
local-username means "apply the permissions of local-username when this rsh
matches"
and remote-username is the userid of whatever your cgi-bin runs as.. if your
web server is setuid "daemon" and cgi-bins are daemon, it will only work
if you have 'daemon' as a remote-username in the ip rcmd command.
HTH,
-jamie
--
jamie g.k. rishaw dal/efnet:gavroche __ IAGnet/CICNet/netILLINOIS Netops
DID:216.902.5455 FAX:216.623.3566 \/ 800.637.4IAGx5455
"It's like im being tied to the hood of a yellow rental truck being packed in
with fertilizer and fuel oil.. pushed over a cliff by a suicidal mickey mouse."
