Mail Archives: cygwin/2002/10/25/18:51:54
Before someone else brings this up: although blanking the "Unused by...."
does allow anyone to rsh into the machine. It also adds a nasty artifact in
that anyone can login as anyone else by using the -l option (rsh hostname -l
different_user). It looks like ever since 1.3.2 you have had to use a
hosts.equiv or .rhosts file.
Simplest way is to add a file callled hosts.equiv to etc and include a list
of all machines that should be allowed to access this machine. Unfortunatly
using the documented "+" in this file doesn't seem to work anymore (Note:
it no longer works on RH Linux 7.2 either unless you set /etc/pam.d/rsh and
rlogin to "permiscuis".. an option not avaliable to cygwin). Personally, I
use a perl script to cull the hosts file from my dns server to do generate
this file once a day. I've never gotten an answer from the list on how to
get the "+" entry to work and would welcome any solution to that problem.
Documentation on all this seems rather limited and often apocryphal as
specific to cygwin.
Bruce D
----- Original Message -----
From: "Andrew DeFaria" <ADeFaria AT Salira DOT com>
Cc: <cygwin AT cygwin DOT com>
Sent: Friday, October 25, 2002 3:23 PM
Subject: Re: Problem with rsh
> David Rothenberger wrote:
>
> >Check your /etc/passwd file and make sure there is no entry in the
password field (the second field). You want something like this:
> >
> >someuser::11150:...
> >
> >and not something like this:
> >
> >someuser:unused_by_nt/2000/xp:11150:...
> >
> >An easy way to check if this is the culprit is to try doing an
> >rlogin. For me, this will ask me for a password and then succeed if I
have an entry in the password field. If the password field is empty, it
succeeds without asking for a password.
> >
> Wham! Good answer! It works!
>
> Actually I viewed the "unused_by_nt/2000/xp" string as ugly and replaced
> it with the traditional "*" instead. But you're right, if you put
> anything in there it gives me a Permission denied for "rsh <machine>
> <command>". Looks like some security checking got tightened up.
>
> This does lead to a question as I believe some other services (ssh?
> exim? I forget) require that you put an actual passwd in /etc/passwd.
> They also described how to generate the crypt string. I've done this on
> my home machine so I copied that encrypted string to my work machine and
> I still get permission denied. Sounds like it's still a problem but at
> least I have a workaround for work. Thanks.
>
> >
> >Andrew DeFaria wrote:
> >
> >
> >>I've run into a major problem using rsh. Note that I've been using rsh
> >>successfully for a while and many people here depend on being able to
> >>rsh into the server. However now I get:
> >>
> >>$ rsh server id
> >>server.mydomain.com: Permission denied.
> >>
> >>
>
> --
>
> Salira <http://www.salira.com>
> Ethernet Simple, Fiber Fast
>
> 5451 Patrick Henry Drive
> Santa Clara, CA 95054
> Phone: (408)-845-5321
> Fax: (408)-845-5205
> Email: ADeFaria AT Salira DOT com
> <mailto:Andrew%20DeFaria%20%3CADeFaria AT Salira DOT com%3E>
> Web: http://www.salira.com
>
> Instant Messaging
> AIM:
> defaria
> MSN:
> Andrew AT DeFaria DOT com
> Yahoo:
> andrew_defaria
> ICQ #:
> 23552673
>
>
> Andrew DeFaria <http://DeFaria.com>
> Clearcase Administrator
> Email: Andrew AT DeFaria DOT com <mailto:Andrew AT DeFaria DOT com>
> Web: http://DeFaria.com
>
>
>
>
>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -