[3508] in Kerberos
using kerberized rlogin with secure nfs
daemon@ATHENA.MIT.EDU (Kambiz Aghaiepour)
Thu Jun 30 21:49:21 1994
Date: Thu, 30 Jun 94 18:38:53 PDT
To: kerberos@MIT.EDU
Cc: sun-managers@gw.PacBell.COM
Reply-To: kambiz@srv.PacBell.COM
From: Kambiz Aghaiepour <kxaghai@srv.PacBell.COM>
Sorry if this is too wordy but I need help with the following. I have a
network of SUNs running 4.1.3.
When I rlogin to another system which automounts my home directory from my
own machine with the -secure option using rlogin (this is using mit
k5b3 rlogin), I get the following error message:
kxaghai@booboo<2>: [ ~ ] $ /krb5/bin/rlogin -x ulysses
This rlogin session is using DES encryption for all data transmissions.
NFS lookup failed for server booboo: RPC: Authentication error
No directory /home/booboo/kxaghai!
Logging in with home = "/".
Last login: Thu Jun 30 18:15:31 from booboo
SunOS Release 4.1.3 (SUN4M_4.1.3_SYBASE) #1: Tue Dec 14 15:42:39 PST 1993
$
looking at env I see the following:
$ env
_=/bin/env
LOGIN=kxaghai
PATH=/bin:/usr/bin:/usr/ucb:/etc:/usr/etc:/usr/etc/install:.
LOGNAME=kxaghai
USER=kxaghai
SHELL=/bin/ksh
HOME=/
TERM=xterm
PWD=/
$
I know this is because I am bypassing the keylogin process that stores
the user key in the keyserv process. I have installed the DES
encryption kit on all my SUNs running sunos 4.1.3 (some run 4.1.3u1)
which among other things replaces the /usr/bin/login with one that does
the equivalent of keylogin IFF the user is prompted for a password
during login (depending on the /etc/hosts.equiv and .rhosts file).
The problem is that krlogind (ekrlogind) doesn't perform the keylogin
process and I am left with a home pointing to "/". I can get around the
problem by doing a keylogin, resetting the HOME variable, and rerunning
my startup files (.profile or whatever). This gets a bit cumbersome.
The funny thing is that even when I do a keylogin manually, then from
another window run a kerberos rlogin -x to the same machine which I just
ran keylogin on, I still get logged in with HOME="/" *BUT* I can see my
secure nfs mounted home directory and am able to create files as myself
there.
Can anyone explain the above wierdness or has anyone ever gotten secure
NFS filesystems to work properly with kerberos rlogin?
Thanks for any hints.
Kambiz
--
\o__O o Kambiz Aghaiepour - | kambiz@srv.PacBell.COM o o
\_ /|\ Pacific Bell |\- srv.PacBell.COM!kambiz //\ //\
|\ |\ 2600 Camino Ramon, 4n000bb | | Voice: (510) 901-9089 // //
/ / |/ San Ramon, CA 94583 | Pager: (510) 539-3217 |\ ||
