[29669] in Kerberos

home help back first fref pref prev next nref lref last post

Help with Kerberos5 "rlogin -x -f" command on Solaris 8/9 and PAM.

daemon@ATHENA.MIT.EDU (Mukarram Syed)
Thu Apr 10 22:00:09 2008

From: "Mukarram Syed" <muksyed@stanford.edu>
To: <kerberos@mit.edu>
Date: Thu, 10 Apr 2008 18:59:22 -0700
Message-ID: <004701c89b77$a9ad4ea0$861942ab@stanford.edu>
MIME-Version: 1.0
In-Reply-To: 
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: kerberos-bounces@mit.edu

 

Hi,

I have been trying to configure the /etc/pam.conf file to get rlogin -x -f
to work on our Stanford Solaris servers.

rlogin -x -f <servername> works, but the problem is that it does not get the
AFS tokens.

I am using pam_krb5 and pam_afs_session modules.

SSH works however and I could get the AFS tokens.  But some of our servers
don't run sshd and depend on rlogin (k5).

When I rlogin -x -f <servername>, the rlogin command does not even read the
/etc/pam.conf file.  If I move the /etc/pam.conf file to another name, the
rlogin -x -f <servername> command still works (without afs tokens), but SSH
depends on the /etc/pam.conf file since the UsePAM is set to yes in the
/etc/ssh/sshd_config file.

I am certainly not a PAM/Kerberos5 guru and hence I am posting this for some
help.

I am not sure what's missing here in the /etc/pam.conf file.

 

Thanks much.

 

# mukarram syed.

 

Here is my /etc/pam.conf file:

 

sshd    auth requisite          pam_authtok_get.so.1

sshd    auth required           pam_dhkeys.so.1

sshd    auth required           pam_unix_auth.so.1

sshd    account required                pam_unix_account.so.1

rsh     auth sufficient         pam_rhosts_auth.so.1

rsh     auth required           pam_unix_auth.so.1

ppp     auth requisite          pam_authtok_get.so.1

ppp     auth required           pam_dhkeys.so.1

ppp     auth required           pam_unix_auth.so.1

ppp     auth required           pam_dial_auth.so.1

other   auth requisite          pam_authtok_get.so.1

other   auth required           pam_dhkeys.so.1

other   auth required           pam_unix_auth.so.1

passwd  auth required           pam_passwd_auth.so.1

cron    account required        pam_projects.so.1

cron    account required        pam_unix_account.so.1

other   account requisite       pam_roles.so.1

other   account required        pam_projects.so.1

other   account required        pam_unix_account.so.1

other   session required        pam_unix_session.so.1

rlogin session required /usr/local/lib/security/pam_krb5.so use_first_pass
forwardable retain_after_close minimum_uid=100 search_k5login

sshd session required /usr/local/lib/security/pam_krb5.so use_first_pass
forwardable retain_after_close minimum_uid=100 search_k5login

rlogin session required /usr/local/lib/security/pam_afs_session.so
minimum_uid=100 retain_after_close program=/usr/local/bin/aklog 

sshd session required /usr/local/lib/security/pam_afs_session.so
minimum_uid=100 retain_after_close program=/usr/local/bin/aklog 

other   password required       pam_dhkeys.so.1

other   password requisite      pam_authtok_get.so.1

other   password requisite      pam_authtok_check.so.1

other   password required       pam_authtok_store.so.1

su      auth requisite          /usr/local/lib/security/su_group0.so.1

su      auth requisite          pam_authtok_get.so.1

su      auth required           pam_dhkeys.so.1

su      auth required           pam_unix_auth.so.1

 

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
home help back first fref pref prev next nref lref last post