Hi,

I have a cluster that--please bear with me--requires the use of root rsh and
rlogin. These are instantaneous from the nodes (30 dual Pentium III 933 MHz
Dell 1150's to the controller (a dell poweredge 4400), but S L O W from the
controller to any one of the nodes. All machines are interconnected through
a 100mb switch, and all machines run RedHat LINUX 7.1. The nodes are on
their own separate network, with the controller provided with a gateway for
that network.

For the rlogin/rsh business, I added rsh,rexec,and rlogin to securetty and
modified /etc/pam.d/rsh (rlogin, rexec) as follows, so that rsh (rlogin,
rexec) would allow root login:

#auth required /lib/security/pam_securetty.so
auth requisite /lib/security/pam_securetty.so

But, ladies and gentlemen, it's abysmally slow in one direction, and fast in
the opposite direction. What further information do I need to provide you?

I know I SHOULD be using SSH--I'm not in a position to experiment to
determine Platform Computing's LSF's interoperability with SSH; I'd like to
get this to work, and then I'll do the right thing. Also, I'm going in for
surgery on Wednesday, so go easy on me.

Regards,
F. Lengyel

-----Original Message-----
From: Johnson, Paul [mailto:Paul.Johnsonmarconi.com]
Sent: Thursday, November 22, 2001 5:54 AM
To: 'pam-listredhat.com'
Subject: RE: authentication proxy?

I spent some time looking for something like this. Unfortunately I could'nt
find anything.

I agree it would be very handy to have. In addition to your application
(which is an interesting one that had not occured to me) you could also have
the connection over the network, allowing for one single sophisticated
authentication engine on a central server and lots of slaves hanging off it.
I could really have done with that recently, for various complicated
reasons.

There would need to be a secure link between client and server, but as far
as I can see this would only need ssh to do: it has a mode where you can set
up a Unix socket at the client end which ends up talking to a daemon at the
server end. Any protocol can then be tunneled through it. So that would
take care of security.

Paul.

> -----Original Message-----
> From: Helge Bahmann [mailto:bahmannmath.tu-freiberg.de]
 
> I have an application supporting pam, but it is running with
> insufficient
> privileges to do authentication against the system (shadow) password
> database. The application is not designed to run with
> elevated privileges
> [...]my
> idea is to have a small local "authentication proxy" with sufficient
> privileges to do the authentication, communicating with the
> application
> through unix domain sockets or similiar.

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-listredhat.com
https://listman.redhat.com/mailman/listinfo/pam-list

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]