Bug 14326

Summary: kerberos4 pam-related breakage in current
Product: Base System Reporter: randy
Component: miscAssignee: freebsd-bugs (Nobody) <bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Unspecified   
Hardware: Any   
OS: Any   

Description randy 1999-10-14 16:20:00 UTC 
From: Randy Bush <randy@psg.com>
To: Mark Murray <mark@grondar.za>
Subject: Re: k4 and -current
Date: Wed, 13 Oct 1999 16:27:22 -0700

> OK - duplicate all the lines in pam.conf that begin with
> "login", and replace the regex "^login" with "rlogind" for
> the duplicated case.

> Repeat except replace with "rshd".

done

    # If you want KerberosIV authentication, uncomment the next line:
    login   auth    sufficient      pam_kerberosIV.so       try_first_pass
    shell   auth    sufficient      pam_kerberosIV.so       try_first_pass
    rlogind auth    sufficient      pam_kerberosIV.so       try_first_pass
    rshd    auth    sufficient      pam_kerberosIV.so       try_first_pass

> Let me know as much as possible about the failure after
> that...

roam.psg.com:/usr/home/randy> rsh rip ls
rsh: kcmd: connection unexpectedly closed.
Login incorrect.
roam.psg.com:/usr/home/randy> rsh rip ls
rsh: kcmd: connection unexpectedly closed.
Login incorrect.
roam.psg.com:/usr/home/randy> rsh -x rip ls
rsh: kcmd: connection unexpectedly closed.
rsh: the -x flag requires Kerberos authentication
roam.psg.com:/usr/home/randy> rlogin rip
rlogin: remote host doesn't support Kerberos: Connection refused
^C
roam.psg.com:/usr/home/randy> rlogin -x rip
rlogin: krcmd_mutual: Generic kerberos error (kfailure)
rlogin: the -x flag requires Kerberos authentication

Oct 13 16:22:00 rip rshd[84249]: connect from roam.psg.com
Oct 13 16:22:00 rip rshd[84249]: no modules loaded for `rshd' service
Oct 13 16:22:00 rip rshd[84249]: auth_pam: Permission denied
Oct 13 16:22:00 rip rshd[84249]: PAM authentication failed
Oct 13 16:22:00 rip rshd[84249]: randy@roam.psg.com as randy: permission denied. cmd='ls'
Oct 13 16:22:51 rip rshd[84268]: connect from roam.psg.com
Oct 13 16:22:51 rip rshd[84268]: connection from 147.28.0.38 on illegal port 5120
Oct 13 16:22:51 rip rshd[84269]: connect from roam.psg.com
Oct 13 16:22:51 rip rshd[84269]: no modules loaded for `rshd' service
Oct 13 16:22:51 rip rshd[84269]: auth_pam: Permission denied
Oct 13 16:22:51 rip rshd[84269]: PAM authentication failed
Oct 13 16:22:51 rip rshd[84269]: randy@roam.psg.com as randy: permission denied. cmd='ls'
Oct 13 16:24:35 rip rshd[84313]: connect from roam.psg.com
Oct 13 16:24:35 rip rshd[84313]: usage: rshd [-alnDL]
Oct 13 16:24:51 rip rlogind[84326]: usage: rlogind [-Dalnx]
Oct 13 16:24:51 rip rlogind[84326]: Connection from 147.28.0.38 on illegal port

How-To-Repeat: kerberos 4 rlogin/rsh to a -current host
Comment 1 Mike Barcroft freebsd_committer freebsd_triage 2001-07-21 03:09:54 UTC 
State Changed
From-To: open->feedback


Does this problem still occur in newer versions of FreeBSD, 
such as 4.3-RELEASE?
Comment 2 Sheldon Hearn freebsd_committer freebsd_triage 2002-01-17 16:12:05 UTC 
State Changed
From-To: feedback->closed

Automatic feedback timeout.  If additional feedback that warrants 
the re-opening of this PR is available but not included in the 
audit trail, please include the feedback in a reply to this message 
(preserving the Subject line) and ask that the PR be re-opened.