Re: How can I remove PAM from my system?
Ethan Benson wrote:
>
> removing pam would effectively break nearly everything.
>
> i am curious as to why you really need to remove pam though? debian
> default config for pam is pretty much standard unix, you should not
> really see any difference.

Here's my /etc/pam.d/rsh on beowulf slave node:

#%PAM-1.0
auth required pam_permit.so
auth required pam_warn.so

ypcat works great, so I suppose there's no problem with NIS. All
required maps (passwd, shadow.byname, netgroup) work.

Here's what happens when I try to rlogin to the slave node:

node01:/usr/share/doc/rsh-server# tail /var/log/auth.log
Nov 27 20:23:27 node01 login[13856]: FAILED LOGIN (1) on `pts/2' from `borg' FOR `exa', Authentication service cannot retrieve authentication info.
Nov 27 20:23:33 node01 PAM-warn[13857]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:23:33 node01 PAM-warn[13857]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:23:33 node01 in.rlogind[13857]: PAM authentication failed for in.rlogind
Nov 27 20:23:50 node01 PAM-warn[13859]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:23:50 node01 PAM-warn[13859]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:23:50 node01 in.rlogind[13859]: PAM authentication failed for in.rlogind
Nov 27 20:28:58 node01 PAM-warn[13863]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:28:58 node01 PAM-warn[13863]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:28:58 node01 in.rlogind[13863]: PAM authentication failed for in.rlogind

What is this last line supposed to mean? What else does in.rlogind
need?

This isn't all. I installed a telnet server to check what's going on
and here's the ordeal:

Nov 27 20:34:55 node01 PAM_unix[13875]: check pass; user unknown
Nov 27 20:34:55 node01 PAM_unix[13875]: authentication failure; (uid=0) -> exa for login service

What the heck is the wonderful pam_unix.so talking about?

node01:/usr/share/doc/rsh-server# ypcat passwd | grep exa
exa:x:1000:1000:Eray 'exa' Ozkural,,,:/home/exa:/bin/bash

I was pretty sure this was due to the great glibc upgrade which probably
fscked up the nsswitch. But then this can't be the case because the
glibc tool getent works all right!

node01:/usr/share/doc/rsh-server# getent passwd exa
exa:x:1000:1000:Eray 'exa' Ozkural,,,:/home/exa:/bin/bash

But the same getent complains:

node01:/usr/share/doc/rsh-server# getent shadow exa
Unknown database: shadow

node01:/usr/share/doc/rsh-server# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.
passwd: compat
group: compat
shadow: compat
hosts: files nis dns
networks: nis files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis

This is pretty standard for our beowulf setup and it used to work.
Now it's dead.

__
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo@cs.bilkent.edu.tr
www: http://www.cs.bilkent.edu.tr/~erayo