remsh and /etc/nsswitch.conf

 
When I try to remsh from host A to host B, I get a message "login incorrect". Other facts are: 1) Host A is not registered in DNS. 2) Host B's /etc/nsswitch.conf uses DNS, NIS and then FILES.

When I switch the order in /etc/nsswitch.conf to NIS FILES DNS, remsh from host A to host B DOES work.

What I don't understand is why I should have to switch the order in /etc/nsswitch.conf if, for example, NSLOOKUP on host A DOES find host B in NIS even when I DON'T switch the order (i.e. the order is DNS, NIS, FILES and each service "continues" on to the next service)?
John Waller
Esteemed Contributor

Re: remsh and /etc/nsswitch.conf

Elliott,

This won't help, but what version of HP-UX are you using? I have exactly the same situation on an HP-UX 11.00 system, so I am beginning to wonder if we have discovered a small undocumented feature (bug).
S.K. Chan
Honored Contributor

Re: remsh and /etc/nsswitch.conf

I'm assuming you have [NOTFOUND=continue] in your file. Try using
[TRYAGAIN=continue]
What does the entry in nsswitch.conf look like?
Sachin Patel
Honored Contributor

Re: remsh and /etc/nsswitch.conf

Hi
Try using
dns [NOTFOUND=continue UNAVAIL=continue] nis [NOTFOUND=continue UNAVAIL=continue] files
in nsswitch.conf file.

Sachin
Is photography a hobby or another way to spend $

Re: remsh and /etc/nsswitch.conf

To all:

I'm using HP-UX 11.0.

host A's /etc/nsswitch.conf is as follows.
hosts: dns [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] nis [NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue] files

Once again I'd like to mention that nslookup for a host that doesn't exist in DNS does find the host in NIS using the above configuration (like it should work); it's remsh'ing from host B that doesn't work.

Bill Hassell
Honored Contributor

Re: remsh and /etc/nsswitch.conf

For added security (since the 'r' commands are just a bit unsecure), the destination host will try to validate who's knocking on the door. This is done by querying the nameserver, whatever that may be. If it is not found (reverse lookup), then it is assumed the incoming 'r' command is being spoofed.

I can't explain the NIS versus DNS behavior other than to use nslookup to retrieve the hostname by looking up the IP address and see what source nslookup got an answer from.

My suggestion would be to use files first. Now the /etc/hosts file does not have to contain every IP address, only those that are important and frequently used. There is a major reliability advantage here: DNS and NIS servers must be extremely reliable as well as the routes to these servers.

If something goes wrong with NIS/DNS, exceedingly long delays (30+ seconds) will be incurred in all sorts of unexpected places, from backups (30 to 90 second delay per file!) to difficulties with 'r' commands that seem to hang (wait long enough and they get through), and so on. This can affect every computer on the network that uses DNS/NIS first.

And from a network load and overall performance point of view, having common IP addresses locally resolved can significantly improve performance in some cases. A good example is that most commercial network backup programs ask for host/IP information for every file... back up a million files and a million DNS/NIS requests will be issued.


Bill Hassell, sysadmin
S.K. Chan
Honored Contributor

Re: remsh and /etc/nsswitch.conf

Do you have any other entries in nsswitch.conf apart from "hosts:"? Did you try putting "services:" in A and resolving in the same order as for "hosts:"?

Re: remsh and /etc/nsswitch.conf

Bill,
As far as what you mentioned:
"I can't explain the NIS versus DNS behavior other than to use nslookup to retrieve the hostname by looking up the IP address and see what source nslookup got an answer."
I did an NSLOOKUP on the IP address for host A and DNS returned an obsolete name (i.e. the name returned was not host A but rather "xxxxx" - I guess the name that was originally assigned in DNS to the IP address but was never updated). Does this have anything to do with my problem?

Re: remsh and /etc/nsswitch.conf

S.K. Chan,

As far as I know from man pages, "services" has nothing to do with the procedure that remshd uses on the remote node, and I do not have any other line other than hosts in the /etc/nsswitch.conf file.
Darrell Allen
Honored Contributor
Solution

Re: remsh and /etc/nsswitch.conf

I think you've found it. You can try temporarily adding the obsolete name in your .rhosts file until DNS gets updated.

I also like files first and only put what's necessary in /etc/hosts.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
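
The resolution the thread arrives at, modelled as an added example that is not part of any post above: a stale PTR record counts as a successful answer from DNS, so the `continue` criteria never apply and NIS is not consulted for the reverse lookup. All addresses, host names, the user `appuser` and the stale name `oldname` are constructed; the sketch assumes a successful answer always returns, unlisted statuses continue, and `.rhosts` holds plain `host [user]` lines.

```python
import re

# Constructed reverse-lookup data (IP -> name); every value here is hypothetical.
SOURCES = {
    "dns":   {"192.0.2.10": "oldname"},                       # stale PTR, never updated
    "nis":   {"192.0.2.10": "hosta", "192.0.2.20": "hostb"},
    "files": {"192.0.2.10": "hosta"},
}
CRITERIA = "[NOTFOUND=continue UNAVAIL=continue TRYAGAIN=continue]"
DNS_FIRST = f"hosts: dns {CRITERIA} nis {CRITERIA} files"    # order from the thread
NIS_FIRST = f"hosts: nis {CRITERIA} files {CRITERIA} dns"    # order that worked

def parse_hosts_policy(line):
    """Turn a 'hosts:' line into [(source, {STATUS: ACTION}), ...]."""
    body = line.split(":", 1)[1]
    policy = []
    for src, crit in re.findall(r"(\w+)\s*(?:\[([^\]]*)\])?", body):
        actions = dict(pair.upper().split("=", 1) for pair in crit.split())
        policy.append((src.lower(), actions))
    return policy

def reverse_lookup(ip, policy, sources=SOURCES):
    """Walk the sources in order; the first successful answer ends the search."""
    for src, actions in policy:
        table = sources.get(src)
        if table is not None and ip in table:
            return table[ip], src            # success: later sources are never asked
        status = "UNAVAIL" if table is None else "NOTFOUND"
        if actions.get(status, "CONTINUE") != "CONTINUE":    # default is an assumption
            break
    return None, None

def rhosts_allows(name, rhosts_text, user):
    """Simplified .rhosts match: 'host [user]' lines, no netgroups or +/- entries."""
    for line in rhosts_text.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == name.lower():
            if len(fields) == 1 or fields[1] == user:
                return True
    return False

def check(ip, hosts_line, rhosts_text, user):
    """Return (name the server sees, answering source, whether .rhosts matches)."""
    name, src = reverse_lookup(ip, parse_hosts_policy(hosts_line))
    return name, src, bool(name) and rhosts_allows(name, rhosts_text, user)

if __name__ == "__main__":
    for label, line in (("dns first", DNS_FIRST), ("nis first", NIS_FIRST)):
        print(label, check("192.0.2.10", line, "hosta appuser\n", "appuser"))
```

The address `192.0.2.20` has no DNS entry, so its lookup falls through to NIS, which is the case the nslookup test in the thread exercised.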