RE: How do I...?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,


  As a guy who's built his own distro up from source 
code, this seems pretty straight forward to me.

  If you want a password-less "single user" local
login, then try replacing the /sbin/mingetty entries in
/etc/inittab with /bin/sh   That will leave you with root
shells on each of the console ttys.  Alternatively, you
can spawn a shell on a tty directly from your init 
binary (my embedded distro doesn't have an inittab; but
your Redhat distros will).

  If you want a password-less "single user" remote
login, then you'll need to get a copy of Netcat that
supports command execution (the "-e" option) and
set yourself up a script that says something like;
  nc -l -p 23 -e /bin/sh -d

  Optionally this could be tweaked to work out of 
/etc/inetd.d/something (if you run an inetd) ... YMMV
However you deploy it, make sure it respawns or 
you'll only every get one user on.


  For what its worth, once you have more that one
user in your environment, you want to have security;
no matter how isolated those 2+ users are.




----- Original Message -----
>From: "Stephen Goggin" <sgoggin@xxxxxxxxxxxxx>
>To: "Pluggable Authentication Modules" <pam-list@xxxxxxxxxx>
>Subject:  RE: How do I...?
>Date: Tue, 30 Oct 2007 21:09:23 -0500
>
> Because our software team's code has only been guaranteed
on those 3 OS'
> 
> 
> 
> 
> 
> Stephen Goggin
>  
> Test Engineer
> NetEffect, Inc.
> 9211 Waterford Centre Blvd.
> Austin, TX 78758
> Email: sgoggin@xxxxxxxxxxxxx
>  
> 512.493.3232 :Desk
> 512.983.1939 :Mobile
> 512.493.3393 :Fax
> 
> -----Original Message-----
> From: pam-list-bounces@xxxxxxxxxx
[mailto:pam-list-bounces@xxxxxxxxxx]
> On Behalf Of Gary L. Greene Jr.
> Sent: Tuesday, October 30, 2007 1:02 PM
> To: Pluggable Authentication Modules
> Subject: Re: How do I...?
> 
> On Tuesday 30 October 2007 09:28:39 am Stephen Goggin wrote:
> > No no.
> >
> > The problem is this:
> >
> > I have a PXE server set up and working. I set up a
system and made a
> PXE
> > image of it.
> >
> > When I PXE boot a system, it hangs before the login prompt.
> >
> > I had seen this once before, and commenting a line from
a file in
> > /etc/pam.d/ fixed it.
> >
> > I haven't been able to find the solution now that it has
arisen again
> > (We re-made the PXE image)...
> >
> > So, I posted to some forums and this mailing list, and
didn't get any
> > replies at all.
> >
> > So, now I want to set up a new system, in either
RHEL4U4, FC4, or FC5,
> > with *NO* PAM anywhere on the machine at all, so that it
won't get in
> > the way in the future.
> >
> > We have no security needs AT ALL. We're using rlogin
with cleartext,
> and
> > rebooting each station approximately every 3 minutes, so
security
> means
> > nothing to us...
> >
> >
> > I appreciate all the help you've provided thus far!
> >
> >
> >
> > Stephen Goggin
> >
> > Test Engineer
> > NetEffect, Inc.
> > 9211 Waterford Centre Blvd.
> > Austin, TX 78758
> > Email: sgoggin@xxxxxxxxxxxxx
> >
> > 512.493.3232 :Desk
> > 512.983.1939 :Mobile
> > 512.493.3393 :Fax
> >
> > -----Original Message-----
> > From: pam-list-bounces@xxxxxxxxxx
[mailto:pam-list-bounces@xxxxxxxxxx]
> > On Behalf Of Barry Brimer
> > Sent: Tuesday, October 30, 2007 11:13 AM
> > To: Pluggable Authentication Modules
> > Subject: RE: How do I...?
> >
> > Maybe I am not fully understanding your question.  Are
trying to have
> a
> > system
> > that doesn't provide a login prompt whatsoever .. but
automatically
> logs
> > in and
> > provides a shell .. runs a program, etc?  My solution
was to not
> require
> > a
> > password to a login.
> >
> > Quoting Stephen Goggin <sgoggin@xxxxxxxxxxxxx>:
> > > Thanks for the quick reply!
> > >
> > > However, this didn't do the trick, it still gives no
login prompt...
> > >
> > >> -----Original Message-----
> > >
> > > From: pam-list-bounces@xxxxxxxxxx
> [mailto:pam-list-bounces@xxxxxxxxxx]
> > > On Behalf Of Barry Brimer
> > > Sent: Monday, October 29, 2007 5:14 PM
> > > To: Pluggable Authentication Modules
> > > Subject: RE: How do I...?
> > >
> > >
> > > 1.  Backup /etc/pam.d
> > > 2.  Have a bootable CD that you can use to regain
access to your
> >
> > system
> >
> > > if this
> > > encounters any issues.
> > > 3.  Double check steps 1 and 2.
> > > 4.  Open 2 root terminals in case you accidentally
close one of them
> > > 5.  Delete the contents of the /etc/pam.d directory
> > > 6.  Create a file named 'other' in /etc/pam.d
> > > 7.  Put the following in /etc/pam.d/other
> > >
> > > auth              sufficient   pam_permit.so
> > > account           sufficient   pam_permit.so
> > > password          sufficient   pam_permit.so
> > > session           sufficient   pam_permit.so
> > >
> > > 8.  Test.
> > > 9.  If this doesn't work, replace sufficient with
required in all
> >
> > lines
> >
> > > above.
> > >
> > > Quoting Stephen Goggin <sgoggin@xxxxxxxxxxxxx>:
> > > > All of the above. I've spent a week trying to find
the answer to
> my
> > >
> > > diskless
> > >
> > > > RHEL4 setup, and I'm sure my boss expected more
results. No one on
> >
> > any
> >
> > > > mailing lists or web forums were of any help
whatsoever...
> > > >
> > > > So, Our PXE network is entirely contained. We don't
even need the
> > >
> > > security we
> > >
> > > > have using cleartext over rlogin, which is none...
> > > >
> > > > I need a small, simple setup with scanpci and rlogin
to run tests
> > >
> > > on...
> > >
> > > > -----Original Message-----
> > > > From: pam-list-bounces@xxxxxxxxxx on behalf of Barry
Brimer
> > > > Sent: Mon 10/29/2007 3:55 PM
> > > > To: Pluggable Authentication Modules
> > > > Subject: Re: How do I...?
> > > >
> > > > Quoting Stephen Goggin <sgoggin@xxxxxxxxxxxxx>:
> > > > > How would one go about setting up a RHEL4U4 or FC4
or FC5 box
> > >
> > > without any
> > >
> > > > PAM
> > > >
> > > > > whatsoever?
> > > >
> > > > What is your goal exactly?  Elimintating PAM, having
logins that
> >
> > don't
> >
> > > > require
> > > > passwords, or something else entirely?
> > > >
> > > >
> > > >
> > > > _______________________________________________
> > > > Pam-list mailing list
> > > > Pam-list@xxxxxxxxxx
> > > > https://www.redhat.com/mailman/listinfo/pam-list
> > >
> > > _______________________________________________
> > > Pam-list mailing list
> > > Pam-list@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/pam-list
> > >
> > > _______________________________________________
> > > Pam-list mailing list
> > > Pam-list@xxxxxxxxxx
> > > https://www.redhat.com/mailman/listinfo/pam-list
> > >
> > > !DSPAM:47275521302229235997293!
> >
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/pam-list
> >
> > _______________________________________________
> > Pam-list mailing list
> > Pam-list@xxxxxxxxxx
> > https://www.redhat.com/mailman/listinfo/pam-list
> 
> Why not use a distribution that doesn't use PAM, like
Slackware? Reason
> I ask 
> is that it will likely be far easier to eliminate all use
of PAM by
> using a 
> distro that has decided not to use it at all.
> 
> -- 
> Gary L. Greene, Jr.
> Sent from: peorth.tolharadys.net
>  10:55:27 up 5 days, 14:15,  1 user,  load average: 0.10,
0.14, 0.16
>
========================================================================
> ==
> Developer and Project Lead for the AltimatOS open source
project
> Volunteer Developer for the KDE open source project
> See http://www.altimatos.com/ and http://www.kde.org/ for more
> information
>
========================================================================
> ==
> 
> Please avoid sending me Word or PowerPoint attachments.
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/pam-list
> 

--
RingBurn.com
"Where there's smoke, there's fire"

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux