03-05-2007
my os is SCO 5.0.6
see man .k5login
and both server user name and passwd set same for connection/rlogin
related files .rhosts , .k5login, /etc/hosts , /etc/hosts.equiv
pankaj
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
From any computer on our network when you rlogin into one machine (this only happens on this machine) it'll hang for about 3 minutes before loggin into that machine. If your sick of waiting you can do a <ctrl> C and then it'll rlogin into the machine it is meant to BUT it wont keep the shell... (1 Reply)
Discussion started by: merlin
1 Replies
2. UNIX for Advanced & Expert Users
hi !
i ve a problem with rlogin. i have a server from which only root user can Rlogin other servers.
other users can t rlogin, they get the following error :
"rcmd2: socket: The file access permissions do not allow the specified action"
Does somebody can help ?
Thanks,
Karine (3 Replies)
Discussion started by: karine
3 Replies
3. Shell Programming and Scripting
I'm comparing a table from two databases on two different servers to check for equality.
1. How do I use rlogin from a script , is it like this ?
rlogin -l $username $server1
where $username and $server1 are passed from the command line.
2.create a copy of that table, compress it and... (3 Replies)
Discussion started by: seaten
3 Replies
4. Cybersecurity
does anyone know how to stop rlogin to my sunsolaris
so I have 2 machines...I can not telnet one becouse that is not allowed but I can telnet the other and do rlogin to first one..I want to stop that..
so..
telnet A from C machine - works
telnet B from C machine - does not work
but... (3 Replies)
Discussion started by: amon
3 Replies
5. IP Networking
On the HP-UX hostA, the command rlogin hostB generates the error "rlogind: Host address mismatch" even though the hostname & IP of hostA are defined in the .rhosts file and the /etc/hosts files of hostB respectively. The IP and the hostname of hostB are defined in the /etc/hosts file of hostA. (1 Reply)
Discussion started by: vijaysharma.vs
1 Replies
6. UNIX for Advanced & Expert Users
Dear Experts,
i want to make one script ,by running that script it should rlogin from one mashine to another and the username and passord should be in the script so that it could not ask from me the username and password of another machine from me .
please help me out.
Regards,
SHARY (1 Reply)
Discussion started by: shary
1 Replies
7. HP-UX
on the system, sometimes the rlogin command can not login the remote node,but ping command can echo the packet. if the inetd domean restarted , rlogin runs normally. We want to know what cause the rlogin failed and how to fix it. (2 Replies)
Discussion started by: Frank2004
2 Replies
8. Shell Programming and Scripting
Hi all,
i need to remotely execute a couple of commands on anyother server, but rsh is not allowed. for that matter i am bound to use rlogin. so what i am trying to do in the script is :
1) rlogin asad
2) Wait for Login prompt
3) Waiting for Password Prompt
4) Once authenticated, execute... (4 Replies)
Discussion started by: asadlone
4 Replies
9. UNIX for Dummies Questions & Answers
Hi,
in my environment we have several server with rlogin passwordless login enabled, now there is a problem to setup this with a hpux server. i have check the .rhosts file and kerberos key are all setup properly and permission is correct, even other user id on the server can login without... (3 Replies)
Discussion started by: robertngo
3 Replies
10. UNIX for Dummies Questions & Answers
Hello,
When I try and RSH/RLOGIN onto a box with user root, I get the prompt but the username/password combination NEVER work. I have the password up properly on the host machine. Does rsh/rlogin not make use of ./etc/passwd and /etc/shadow? (1 Reply)
Discussion started by: mojoman
1 Replies
LEARN ABOUT SUNOS
krb5_auth_rules
krb5_auth_rules(5) Standards, Environments, and Macros krb5_auth_rules(5)
NAME
krb5_auth_rules - Overview of Kerberos V5 authorization
DESCRIPTION
When a user uses kerberized versions of the ftp, rdist, rcp, rlogin, rsh, or telnet clients to connect to a server, even if the user's
claimed Kerberos V5 identity is authenticated, the user is not necessarily authorized. Authentication merely proves that the user is "who
he says he is" to the Kerberos V5 authentication system. Authorization also needs to be done, since it determines if that Kerberos identity
is permitted to access the Solaris user account that the client wants to access.
Each user may have a private authorization list in a file ~/.k5login in his login directory (on the server). Each line in this file should
contain a Kerberos principal name of the form principal/instance@realm. If the server finds a ~/.k5login file, then access is granted to
the account if and only if the originating user is authenticated to one of the principals named in the ~/.k5login file.
If there is no ~/.k5login file, the originating user will then be checked against the gsscred table (see gsscred(1M)). If the originating
user's Kerberos V5 identity is in the gsscred table, and if the UNIX user id in the gsscred table corresponds to the user account the
client is trying access, then the originating user is granted access to the account on the server. If the UNIX user id does not match, then
the originating user is denied access.
For example, suppose the originating user has a principal name of jdb@ENG.ACME.COM and the target account is jdb-user. If jdb@ENG.ACME.COM
appears in the gsscred table with uid 23154 and if jdb-user appears in the user account database (see passwd(4)) with uid 23154, then
access to account jdb-user is granted. Of course, normally, the target account name in this example would be jdb and not jdb-user.
Finally, if there is no ~/.k5login file and if the originating user's Kerberos V5 identity is not in the gsscred table, then the user will
be granted access to the account if and only if all of the following are true:
o The user part of the authenticated principal name is the same as the target account name specified by the client.
o The realm part of the client and server are the same.
o The target account name exists on the server.
For example, if the originating user has a principal name of jdb@ENG.ACME.COM and if the server is in realm SALES.ACME.COM, then even if
jdb is a valid account name on the server, the client would be denied access. This is because the realms SALES.ACME.COM and ENG.ACME.COM
differ.
FILES
~/.k5login Per user-account authorization file.
/etc/passwd System account file. This information may also be in a directory service. See passwd(4).
ATTRIBUTES
See attributes(5) for a description of the following attributes:
+-----------------------------+-----------------------------+
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
+-----------------------------+-----------------------------+
|Interface Stability |Evolving |
+-----------------------------+-----------------------------+
SEE ALSO
ftp(1), rcp(1), rdist(1), rlogin(1), rsh(1), telnet(1), gsscred(1M), passwd(4), attributes(5), gss_auth_rules(5)
NOTES
To avoid security problems, the ~/.k5login file must be owned by the remote user.
SunOS 5.10 13 Apr 2004 krb5_auth_rules(5)