- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- 11.31 can't remsh as NIS user
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2008 12:13 PM
09-11-2008 12:13 PM
I need to remsh to issue commands into a 11.31 system (I understand it's insecure, etc but I need remote shell). rsh from other platforms and remsh HPUX work as root but fail as other NIS defined users. No other NIS problems, and this problem is not on older HPUX. 11.31 was installed in an insecure config, obviously since telnet and rsh work for some people.
/.rhosts and /etc/hosts.equiv are "+ +" (originally just "+") and permissions tested as 644,640,600.
All indications are this may be a Pam/Kerberos issue and I added the following 7 lines to pam.conf (rest of pam.conf unchanged)
# tail -7 /etc/pam.conf
# Added the following per HP doc B2355-91061
# to allow remsh for NIS accounts
rcomds auth required /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_unix.1
#
rcomds auth required /usr/lib/security/libpam_dce.1
# End of remsh/rsh and NIS modification
I read pages near 238 of
http://docs.hp.com/en/B2355-91020/B2355-91020.pdf
and see that "shell" is using standard port 514, insecure so I feel that's correct.
All other NIS items function well (telnet, automounting home, etc).
Thoughts? Additional questions?
Thanks in advance,
Steven
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-11-2008 03:00 PM
09-11-2008 03:00 PM
Re: 11.31 can't remsh as NIS user
Any errors in the syslog.log on the 11.31 server from remshd?
Any errors on the remsh client?
What does the inetd.conf line look like for remshd? Did you try turning off kerberos? Did you try turning off tcp6?
So if you telnet to the 11.31 server and login as an nis user does it succeed?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2008 07:56 AM
09-12-2008 07:56 AM
Re: 11.31 can't remsh as NIS user
Since all non-root users allowed to login are in NIS, I manually added a user "junk" on this system and my test client and that also failed.
Syslog error:
remshd[10993]: load_modules: can not open module /usr/lib/security/libpam_unix.so.1
remshd[10993]: PAM Status - 1, PAM Error Message - Shared object load failure
---
Link libpam_unix.so.1 does exist and points to libpam_unix.1
The remsh client gets the error:
remshd: Login incorrect
inetd.conf entries:
# grep remsh /etc/inetd.conf
shell stream tcp6 nowait root /usr/lbin/remshd remshd
#kshell stream tcp6 nowait root /usr/lbin/remshd remshd -K
kshell stream tcp6 nowait root /usr/lbin/remshd remshd
I am unsure how to turn off kerberos.
I did try the following:
remsh SERVER ls -P
as an NIS user, and it had the same error.
I've also read the 'sis' man page but still unsure how to disable kerberos.
I haven't considered tcp6, but other services with tcp6 in inetd.conf (like telnet) work fine.
telnet works fine for NIS and root.
Thanks!
Steven
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2008 09:06 AM
09-12-2008 09:06 AM
Re: 11.31 can't remsh as NIS user
Try adding the two "rcomds" lines in /etc/pam.conf as in the bottom of
http://docs.hp.com/en/B2355-90827/ch05s02.html
You can add them together at the bottom of the file or add the "auth" line in the autentication section and the "account" line in the account management section.
I don't think you need to do anything with kerberos.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-12-2008 11:03 AM
09-12-2008 11:03 AM
Re: 11.31 can't remsh as NIS user
# grep rcomds /etc/pam.conf
rcomds auth required libpam_hpsec.so.1
rcomds auth required libpam_unix.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_unix.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session required libpam_unix.so.1
rcomds auth required /usr/lib/security/libpam_unix.1
rcomds account required /usr/lib/security/libpam_unix.1
#rcomds auth required /usr/lib/security/libpam_unix.so.1
#rcomds account required /usr/lib/security/libpam_unix.so.1
####rcomds auth required /usr/lib/security/libpam_dce.1
Other thoughts ??? Did I understand the right lines needed?
Thanks, Steven
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-13-2008 10:40 AM
09-13-2008 10:40 AM
Solutionrcomds auth required libpam_hpsec.so.1
rcomds auth required libpam_unix.so.1
rcomds account required libpam_hpsec.so.1
rcomds account required libpam_unix.so.1
rcomds session required libpam_hpsec.so.1 bypass_limit_login
rcomds session required libpam_unix.so.1
What is in the syslog.log now that you added these lines?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2008 11:01 AM
09-15-2008 11:01 AM
Re: 11.31 can't remsh as NIS user
I added those 6 lines, and commented all the other rcomds lines in the file, and I'm set.
Thanks SO much TTr !
Steven
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-15-2008 11:02 AM
09-15-2008 11:02 AM