[comp.sys.apollo] security, telnet

paul@eye.com (Paul B. Booth) (01/29/91)

Anyone seen this?:  I've got a dn10k wired into a net of hp 9000's.  I'd like
to be able to login to the 10K as root from the net (I'm sysadmin here, so this
is no idle wish :-)).  Seems to be impossible. Telnet takes the root login and
(correct) password and then fails with an "incorrect login" error.  If I'm root
on an hp, and run rlogin, it also fails with the same error.  Oddly enough, I
can do something like "remsh hickory uname -a" (hickory is the nodename of the
10k), but can't do remsh hickory to just get a shell.

What I seem to have to do is to login to the 10k as a "normal" user, then su to
root.  I've checked all the "standard" Berkeley/arpa config files (hosts,
hosts.equiv, .rhosts, etc.) and they are ok -- identical to what I'm using
successfully on the hp's.  Any ideas?  This is kind of a pain...

Thanks in advance.....
--
Paul B. Booth  (paul@eye.com) (...!hplabs!hpfcla!eye!paul)
-------------------------------------------------------------------------------
3D/EYE, Inc., 2359 N. Triphammer Rd., Ithaca, NY  14850    voice: (607)257-1381
                                                             fax: (607)257-7335

hanche@imf.unit.no (Harald Hanche-Olsen) (01/29/91)

In article <1991Jan28.195924.6231@eye.com> paul@eye.com (Paul B. Booth) writes:

   Anyone seen this?:  I've got a dn10k wired into a net of hp 9000's.  I'd like
   to be able to login to the 10K as root from the net (I'm sysadmin here, so this
   is no idle wish :-)).  Seems to be impossible. Telnet takes the root login and
   (correct) password and then fails with an "incorrect login" error.

# Append this to the /etc/ttys file to enable root login from the network
ttyp0  none                     network off      secure
ttyp1  none                     network off      secure

... and so on, up to ttypf or ttyqf or whatever is your highest pty.

- Harald Hanche-Olsen <hanche@imf.unit.no>
  Division of Mathematical Sciences
  The Norwegian Institute of Technology
  N-7034 Trondheim, NORWAY

krowitz@RICHTER.MIT.EDU (David Krowitz) (01/29/91)

If I remember correctly, the /etc/ttys file that is distributed with the
Apollo OS does not define any of the pty's as being "secure" (i.e. ok for
root to log into). I think this is your problem.


 -- David Krowitz

krowitz@richter.mit.edu   (18.83.0.109)
krowitz%richter.mit.edu@eddie.mit.edu
krowitz%richter.mit.edu@mitvma.bitnet
(in order of decreasing preference)

dfazio@nachos.SSESCO.com (Dennis Fazio) (02/26/91)

In article <1991Jan28.195924.6231@eye.com> paul@eye.com (Paul B. Booth) writes:
>
> ........
>
>What I seem to have to do is to login to the 10k as a "normal" user, then su to
>root.  I've checked all the "standard" Berkeley/arpa config files (hosts,
>hosts.equiv, .rhosts, etc.) and they are ok -- identical to what I'm using
>successfully on the hp's.  Any ideas?  This is kind of a pain...
>
I believe that this is deliberately made so by Domain/OS. I seem to remember
calling Apollo support on this a while ago (late '89 or early '90) and the
engineer stated that for tighter security reasons, direct login as root over
the network is disallowed. You must have an account on the machine to log in
to first, and then have permission to su to root. This is on a 10.2 system.
I do not know if this situation has changed with 10.3.
--
Dennis Fazio                     | Internet: dfazio@ssesco.com
SSESCO                           | Gabnet:   (612) 342-0003
511 11th Avenue South, Suite 268 | Faxnet:   (612) 344-1716
Minneapolis, Minnesota  55415    | 

chen@digital.sps.mot.com (Jinfu Chen) (02/27/91)

>>What I seem to have to do is to login to the 10k as a "normal" user, then su to
>>root.  I've checked all the "standard" Berkeley/arpa config files (hosts,
>>hosts.equiv, .rhosts, etc.) and they are ok -- identical to what I'm using
>>successfully on the hp's.  Any ideas?  This is kind of a pain...
>>
>I believe that this is deliberately made so by Domain/OS. I seem to remember
>calling Apollo support on this a while ago (late '89 or early 90) and the
>engineer stated that for tighter security reasons, direct login as root over
>the network is disallowed.

This is not true. All you need is to configure /etc/ttys to allow root login
via pseudo-ttys (if you really want to):

pty0	none	dumb	on	secure
pty1	none	dumb	on	secure
.
.
.
ptyf	none	dumb	on	secure

Perhaps this should be added to Jim Rees's FAQ file?



-- 
Jinfu Chen                  (602)898-5338 
Motorola, Inc.  SPS  Mesa, AZ
 ...uunet!motsps!digital!chen
chen@digital.sps.mot.com
CMS: RXFR30 at MESAVM
----------
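
Added example (not part of any post in this thread): a small Python check that parses BSD-style /etc/ttys lines like the ones quoted above and reports which pseudo-terminal entries carry the "secure" flag, i.e. where direct root login from the network is permitted. The pty name pattern and the sample file contents are constructed assumptions; local naming may differ.

```python
import re
import shlex

# Assumption: pseudo-terminal entries are named like the ones quoted in the
# thread (ttyp0..ttyqf, pty0..ptyf). Adjust for the local naming scheme.
PTY_NAME = re.compile(r"^(tty[p-s][0-9a-f]|pty[0-9a-f]+)$")

def parse_ttys(text):
    """Yield (name, command, type, flags) for each entry in BSD-style ttys text."""
    for raw in text.splitlines():
        # shlex keeps a quoted getty command as one field and drops '#' comments.
        lexer = shlex.shlex(raw, posix=True)
        lexer.whitespace_split = True
        lexer.commenters = "#"
        fields = list(lexer)
        if len(fields) < 3:
            continue  # blank, comment-only or malformed line
        name, command, term_type = fields[:3]
        flags = {f.lower() for f in fields[3:]}
        yield name, command, term_type, flags

def root_capable_ptys(text):
    """Return names of pty entries flagged 'secure' (root login allowed)."""
    return [name for name, _cmd, _type, flags in parse_ttys(text)
            if PTY_NAME.match(name) and "secure" in flags]

# Constructed sample, not taken from a real system.
SAMPLE = """\
# name  getty                     type     status
console "/etc/getty std.9600"     vt100    on secure
ttyp0   none                      network  off secure
ttyp1   none                      network  off
pty0    none                      dumb     on secure   # remote root allowed
pty1    none                      dumb     on
"""

if __name__ == "__main__":
    for name in root_capable_ptys(SAMPLE):
        print(f"{name}: 'secure' set, direct root login over the network is allowed")
```

Entries the check does not list still allow the login-then-su path described earlier in the thread, which leaves a per-user record of who became root.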

rees@pisa.citi.umich.edu (Jim Rees) (02/28/91)

In article <2349@tuvie.UUCP>, mike@vlsivie.tuwien.ac.at (Michael K. Gschwind) writes:

  OH NO! NOT AGAIN! Is there any FAQ list? (I think somebody once
  mentioned he had such a beast) If so, please add this answer and 
  post the FAQ once a month.

The FAQ list is available from dabo.ifs.umich.edu, and yes it does talk
about "secure" ttys.  I don't post it monthly but will be happy to mail it
to anyone who can't ftp.