
Re: How can I remove PAM from my system?



Ethan Benson wrote:
> 
> removing pam would effectively break nearly everything.
> 
> i am curious as to why you really need to remove pam though?  debian
> default config for pam is pretty much standard unix, you should not
> really see any difference.

Here's my /etc/pam.d/rsh on the beowulf slave node:

#%PAM-1.0
auth    required  pam_permit.so
auth    required  pam_warn.so

ypcat works great, so I suppose there's no problem with NIS. All
required maps (passwd, shadow.byname, netgroup) work.

Here's what happens when I try to rlogin to the slave node:
node01:/usr/share/doc/rsh-server# tail /var/log/auth.log
Nov 27 20:23:27 node01 login[13856]: FAILED LOGIN (1) on `pts/2' from `borg' FOR `exa', Authentication service cannot retrieve authentication info.
Nov 27 20:23:33 node01 PAM-warn[13857]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:23:33 node01 PAM-warn[13857]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:23:33 node01 in.rlogind[13857]: PAM authentication failed for in.rlogind
Nov 27 20:23:50 node01 PAM-warn[13859]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:23:50 node01 PAM-warn[13859]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:23:50 node01 in.rlogind[13859]: PAM authentication failed for in.rlogind
Nov 27 20:28:58 node01 PAM-warn[13863]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:28:58 node01 PAM-warn[13863]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:28:58 node01 in.rlogind[13863]: PAM authentication failed for in.rlogind

What is this last line supposed to mean? What else does in.rlogind
need?

This isn't all. I installed a telnet server to check what's going on
and here's the ordeal:

Nov 27 20:34:55 node01 PAM_unix[13875]: check pass; user unknown
Nov 27 20:34:55 node01 PAM_unix[13875]: authentication failure; (uid=0) -> exa for login service

What the heck is the wonderful pam_unix.so talking about?
node01:/usr/share/doc/rsh-server# ypcat passwd | grep exa
exa:x:1000:1000:Eray 'exa' Ozkural,,,:/home/exa:/bin/bash

I was pretty sure this was due to the great glibc upgrade which probably
fscked up the nsswitch. But then this can't be the case because the
glibc tool getent works all right!

node01:/usr/share/doc/rsh-server# getent passwd exa
exa:x:1000:1000:Eray 'exa' Ozkural,,,:/home/exa:/bin/bash

But the same getent complains:
node01:/usr/share/doc/rsh-server# getent shadow exa
Unknown database: shadow

node01:/usr/share/doc/rsh-server# cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd:         compat
group:          compat
shadow:         compat

hosts:          files nis dns
networks:       nis files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis


This is pretty standard for our beowulf setup and it used to work.
Now it's dead.

__
Eray (exa) Ozkural
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: erayo@cs.bilkent.edu.tr
www: http://www.cs.bilkent.edu.tr/~erayo
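
Added example, not part of the original message: a small Python script that groups auth.log lines like the ones quoted above by PID, so that each login attempt's service, user, remote origin and failure reason appear together. The sample lines are copied from the message; the function name `correlate` and the field names are this example's own choices.

```python
import re

# Sample lines copied from the auth.log excerpts in the message above.
SAMPLE = """\
Nov 27 20:23:27 node01 login[13856]: FAILED LOGIN (1) on `pts/2' from `borg' FOR `exa', Authentication service cannot retrieve authentication info.
Nov 27 20:23:33 node01 PAM-warn[13857]: service: rlogin [on terminal: /dev/pts/2]
Nov 27 20:23:33 node01 PAM-warn[13857]: user: (uid=0) -> exa [remote: exa@borg]
Nov 27 20:23:33 node01 in.rlogind[13857]: PAM authentication failed for in.rlogind
Nov 27 20:34:55 node01 PAM_unix[13875]: check pass; user unknown
Nov 27 20:34:55 node01 PAM_unix[13875]: authentication failure; (uid=0) -> exa for login service
"""

# Classic syslog prefix: "Mon DD HH:MM:SS host tag[pid]: message"
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ (\S+) ([^\[\s]+)\[(\d+)\]: (.*)$")
# Message shapes seen in the excerpt, with the fields each one reveals.
PATTERNS = [
    (re.compile(r"^service: (\S+)"), ("service",)),
    (re.compile(r"-> (\S+) \[remote: ([^\]]+)\]"), ("user", "remote")),
    (re.compile(r"-> (\S+) for (\S+) service"), ("user", "service")),
    (re.compile(r"FOR `([^']+)', (.+?)\.?$"), ("user", "reason")),
    (re.compile(r"^check pass; (user unknown)"), ("reason",)),
]
FAILURE = re.compile(r"authentication fail|FAILED LOGIN", re.I)

def correlate(text):
    """Group log lines by PID and merge what each line says about the attempt."""
    attempts = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a syslog line in the expected format
        host, tag, pid, msg = m.groups()
        a = attempts.setdefault(pid, {"host": host, "tags": [], "failed": False})
        if tag not in a["tags"]:
            a["tags"].append(tag)  # e.g. PAM-warn and in.rlogind share one PID
        a["failed"] = a["failed"] or bool(FAILURE.search(msg))
        for rx, fields in PATTERNS:
            hit = rx.search(msg)
            if hit:
                a.update(zip(fields, hit.groups()))
    return attempts

if __name__ == "__main__":
    for pid, attempt in correlate(SAMPLE).items():
        print(pid, attempt)
```
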


