- Neil W Rickert
December 21, 2003, 3:55 am
I am using nis+ on our solaris 8 systems. Home directories are
NFS mounted with secure nfs (requires the nisplus credentials).
If I use ssh to login to a client machine, all is fine.
If I use ssh to login to one of our servers, there are problems.
Specifically, the credentials have not been properly registered with
keyserv, and as a result NFS mounted home directories are not
accessible. I can use the "keylogin" command to correct the
On the client machine, the shadow data is not accessible without the
credentials. Presumably because of this, the PAM routines properly
establish credentials so that they can get the shadow data to
validate the password.
On the server machines, the root user can access the shadow data
without credentials first being established. Apparently this
shortcut route is used, causing the problem.
It makes no difference whether I set "PasswordAuthentication no".
Either way, challenge response authentication is used.
By way of comparison, "rlogin" does work properly on either client or
server. Here "server" means a nis+ server that is in the admin
The relevant auth entries from pam.conf
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
Since there was nothing relevant in ".rhosts" in my tests with
rlogin, I would have thought both should behave the same.
First login to the server, and use: keylogout
(this de-registers credentials)
Next try to login with ssh
try to login with rlogin
After each login, check whether credentials are registered with
keyserv. The simplest check is to try accessing a secure-nfs
mounted file system.
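
An added example, not part of the original post: a small parser that resolves which auth stack from the quoted pam.conf entries applies to a given service, and whether that stack runs pam_dhkeys. It assumes sshd is built with PAM and uses the service name `sshd`, which the post does not state; with no entries of its own in the quoted lines, that name falls back to `other`.

```python
# Constructed sample: the auth lines quoted in the post, in pam.conf format:
# service  module_type  control_flag  module_path  [options]
PAM_CONF = """\
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_authtok_get.so.1
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_auth.so.1
other auth requisite pam_authtok_get.so.1
other auth required pam_dhkeys.so.1
other auth required pam_unix_auth.so.1
"""

def parse_pam_conf(text):
    """Return {(service, module_type): [(control_flag, module, options), ...]}."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError("malformed pam.conf line: %r" % raw)
        service, mtype, control, module = fields[:4]
        stacks.setdefault((service, mtype), []).append(
            (control, module, fields[4:]))
    return stacks

def effective_stack(stacks, service, mtype="auth"):
    """Stack PAM uses for a service: its own entries, else the 'other' entries."""
    return stacks.get((service, mtype)) or stacks.get(("other", mtype), [])

def establishes_dh_keys(stack):
    """True if pam_dhkeys is in the stack as required or requisite."""
    return any(m.startswith("pam_dhkeys.so") and c in ("required", "requisite")
               for c, m, _ in stack)

def compare(service_a, service_b, text=PAM_CONF):
    """Modules present in one service's auth stack but not in the other's."""
    stacks = parse_pam_conf(text)
    a = [m for _, m, _ in effective_stack(stacks, service_a)]
    b = [m for _, m, _ in effective_stack(stacks, service_b)]
    return [m for m in a if m not in b], [m for m in b if m not in a]

if __name__ == "__main__":
    stacks = parse_pam_conf(PAM_CONF)
    for svc in ("rlogin", "sshd"):            # "sshd" is an assumed service name
        stack = effective_stack(stacks, svc)
        print(svc, [m for _, m, _ in stack], establishes_dh_keys(stack))
    print(compare("rlogin", "sshd"))
```

With the quoted entries, both stacks list pam_dhkeys.so.1 as required and differ only by pam_rhosts_auth.so.1, so the static configuration alone does not account for the difference the post reports.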