Can anybody help with this keylogin module / getsecretkey questions? Ben? Thanks. --Rainer.
--- Begin Message ---
- To: rainer.dorsch@informatik.uni-stuttgart.de
- Cc: debian-nis+@ralf.informatik.ui-stuttgart.de
- Subject: Re: NIS+ - Package (fwd)
- From: Sébastien Chaumat <schaumat@ens-lyon.fr>
- Date: Thu, 23 Sep 1999 12:32:31 +0200 (CEST)
- Message-id: <Pine.LNX.3.96.990923122048.23037B-100000@mercure.ens-lyon.fr>
- Reply-to: Sébastien Chaumat <schaumat@ens-lyon.fr>
- In-reply-to: <m11T1GC-000HVyC@rainer.informatik.uni-stuttgart.de>
Here's the report.

Install Potato with pam-0.69 (no more need for pam_unix2 from kukuk)
Install pam_keylogin
Install nisutils 1.1
I'll send you my /etc/nsswitch.conf in another mail (sorry, I'm not on the right machine)
Install the domainname binary
Install my /etc/init.d/nisplus_client script (you have it) and the links into /etc/rc*.d
Change in /etc/pam.d/login: the line

    auth required pam_unix.so

should be followed immediately by

    auth required pam_keylogin.so use_first_pass

Put the Debian client into the admin group on the SUN NIS+ server.
reboot
enjoy :-)

Important: the nis+_client.deb must conflict with nis.deb but must include the domainname command.

IMPORTANT: I suggest that the pam_keylogin module is inserted AS SOON AS POSSIBLE into the libpam-modules.deb (I don't remember who the maintainer is; I hope he is in your alias).

Watch your mail, I am sending you some files.

Seb

Sebastien Chaumat
Laboratoire de Physique
Ecole Normale Superieure de Lyon
--- End Message ---
--- Begin Message ---
- To: rainer.dorsch@informatik.uni-stuttgart.de
- Cc: Pascal.Degiovanni@ens-lyon.fr, kukuk@suse.de
- Subject: arghh :-(
- From: Sébastien Chaumat <schaumat@ens-lyon.fr>
- Date: Thu, 23 Sep 1999 15:56:19 +0200 (CEST)
- Message-id: <Pine.LNX.3.96.990923155059.2412A-100000@mercure.ens-lyon.fr>
Hello,

So there's still a problem. The pam keylogin module still has a problem. We were misled by the fact that we had already done a keylogin, so the keyserv process still remembered our secret keys. Logging in from scratch is possible but a user is still not authenticated (in the nisplus sense).

So it seems to us that the problem is localized in the pam_keylogin.

Regards,
Seb. & Pascal.

Sebastien Chaumat
Laboratoire de Physique
Ecole Normale Superieure de Lyon
--- End Message ---
--- Begin Message ---
- To: rainer.dorsch@informatik.uni-stuttgart.de
- Cc: Pascal DEGIOVANNI <Pascal.Degiovanni@ens-lyon.fr>
- Subject: Naive question...
- From: Sébastien Chaumat <schaumat@ens-lyon.fr>
- Date: Thu, 23 Sep 1999 16:25:32 +0200 (CEST)
- Message-id: <Pine.LNX.3.96.990923162205.2412B-100000@mercure.ens-lyon.fr>
Hello,

Hum... After some thought, we have a naive question...

The keylogin module gets the user's secret key from the getsecretkey function which is part of the glibc library. But this function has to be able to send requests to the NIS+ server to get an answer as it is told in the /etc/nsswitch.conf file. Are we sure that the potato glibc is able to do that? Maybe you could forward this to the debian glibc people?

Regards,
Seb. & Pascal.

Sebastien Chaumat
Laboratoire de Physique
Ecole Normale Superieure de Lyon
--- End Message ---
--- Begin Message ---
- To: rainer.dorsch@informatik.uni-stuttgart.de
- Subject: progress
- From: Sébastien Chaumat <schaumat@ens-lyon.fr>
- Date: Thu, 23 Sep 1999 17:18:50 +0200 (CEST)
- Message-id: <Pine.LNX.3.96.990923165902.2412E-100000@mercure.ens-lyon.fr>
- Reply-to: Sébastien Chaumat <schaumat@ens-lyon.fr>
Hi

Comparing pam_keylogin.c and keylogin.c it appears that:

1) in keylogin.c (works well) there is:

    getnetname (fullname);
    if (!getsecretkey (fullname, (char *)&net.st_priv_key, getpass (_("Password:"))))

2) in pam_keylogin.c (doesn't work) there is:

    if (!getsecretkey (fullname, (char *)&net.st_priv_key, p))

and netname is obtained from:

    if (user_pwd && user_pwd->pw_uid == 0)
      {
        char hostname[MAXHOSTNAMELEN + 1];
        gethostname (hostname, MAXHOSTNAMELEN);
        snprintf (netname, MAXNETNAMELEN, "unix.%s@%s", hostname, domain);
      }
    else
      {
        snprintf (netname, MAXNETNAMELEN, "unix.%d@%s", user_pwd->pw_uid, domain);
      }

I feel that the problem is there and that pam_keylogin should use a getnetname(netname) instead.

I'm not a C programmer so my attempts are not supposed to work...

Seb,

Sebastien Chaumat
Laboratoire de Physique
Ecole Normale Superieure de Lyon
--- End Message ---
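
The netname construction quoted from pam_keylogin.c in the last message, rewritten with input checks, as an added example that is not code from this thread, from pam_keylogin, or from glibc. build_netname, demo_netname and NETNAME_MAX are hypothetical names, the sample host and domain are constructed, and the trailing-dot handling rests on the assumption stated in the comment. It is not offered as the cause of the failure reported above.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

#define NETNAME_MAX 255 /* assumed stand-in for MAXNETNAMELEN */

/* Builds "unix.<host>@<domain>" for uid 0 and "unix.<uid>@<domain>"
 * otherwise, the two forms in the excerpt.
 * Returns 0 on success, -1 on missing input or truncation. */
int build_netname(const struct passwd *pw, const char *host,
                  const char *domain, char out[NETNAME_MAX + 1])
{
    size_t dlen;
    int n;

    /* The excerpt's else branch reads user_pwd->pw_uid even when
     * user_pwd is NULL; refuse instead of dereferencing. */
    if (pw == NULL || domain == NULL || out == NULL)
        return -1;
    out[0] = '\0';
    dlen = strlen(domain);
    /* Assumption: a fully qualified NIS+ domain is written with a
     * trailing dot ("example.test.") that a netname does not carry. */
    if (dlen > 0 && domain[dlen - 1] == '.')
        dlen--;
    if (dlen == 0 || dlen > NETNAME_MAX)
        return -1;
    if (pw->pw_uid == 0) {
        if (host == NULL || host[0] == '\0')
            return -1;
        n = snprintf(out, NETNAME_MAX + 1, "unix.%s@%.*s",
                     host, (int)dlen, domain);
    } else {
        n = snprintf(out, NETNAME_MAX + 1, "unix.%lu@%.*s",
                     (unsigned long)pw->pw_uid, (int)dlen, domain);
    }
    if (n < 0 || n > NETNAME_MAX) { /* never look up a cut-off name */
        out[0] = '\0';
        return -1;
    }
    return 0;
}

/* Wrapper over a constructed passwd entry; returns NULL on failure. */
const char *demo_netname(uid_t uid, const char *host, const char *domain)
{
    static char buf[NETNAME_MAX + 1];
    struct passwd pw = {0};
    pw.pw_uid = uid;
    return build_netname(&pw, host, domain, buf) == 0 ? buf : NULL;
}
```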