Yes, that helps. It underscores how inadequate the pam man page is.
Looking through the online (web accessible) man pages for pam is...
(you'd have to read them to get the joke).
Brian Brunner
brian.t.brunner@xxxxxxxxxxxxxxx
(610)796-5838
>>> nalin@xxxxxxxxxx 01/16/04 03:37PM >>>
On Thu, Jan 15, 2004 at 02:15:18PM -0500, Brian T. Brunner wrote:
> Embedded application, runs as root, no local users,
>
> Information needed: what files & settings therein prevent
> root-to-root rcp.
Modify /etc/hosts.equiv or the target system's superuser's ~/.rhosts
file to list the client server and user. Modify /etc/pam.d/rsh, adding
"promiscuous" to the set of options passed to the pam_rhosts_auth.so
module. Add "rsh" to the list of ttys in /etc/securetty. [1] Enable
the server by running "chkconfig rsh on". Adjust any firewall the
server has.
HTH,
Nalin
[1] The rsh server doesn't allocate a tty because the protocol doesn't
use one, so it sets the tty to "rsh" for pam_securetty's benefit.
--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept
for the presence of computer viruses.
www.hubbell.com - Hubbell Incorporated
**********************************************************************
--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
