YEOAK@NUSDISCS.BITNET (10/14/89)
Re: rsh & rlogin
I've collected more info regarding our rsh problem. I've tried
to rlogin from DSP90 tp HP9000 and SUN. (Our DSP90 runs SR10.1
with default SYSTYPE=BSD4.3 and sits on Domain Ring and Ethernet.)
Observed the following:
(1a) DSP90> rlogin hp90000
Password:
-- always failed and normal login is prompted
(1b) DSP90> rlogin sun
remuser too long
(2a) DSP90> rlogin hp9000 -l yeoak
-- login is ok w/o password prompting
(2b) DSP90> rlogin sun -l yeoak
remuser too long
Our SUN (SunOS 3.5) responded differently from HP9000 (HP-UX 6.5)
as shown in (1) & (2). I don't know why but
I suspect that the userid of SR10.1 is not sent
properly to SUN and HP9000 as in (1a),(1b) & (2b).
Since rlogin & rsh adopted the same authentication procedures, I don't think
it's the problem of /etc/hosts or .rhosts as shown in (2a). Can anybody give
some pointers please? Is there any bug reported about rsh/rlogin?
--AnnKian Yeo
Email: YEOAK%NUSDISCS.BITNET@CUNYVM.CUNY.EDU
Department of Information Systems and Computer Science (DISCS)
National University of Singapore (NUS)YEOAK@NUSDISCS.BITNET (10/15/89)
Re: rlogin & rsh
I've posted this before and managed to solve part of
the problem, ie rsh. The problem was that rsh didn't work
from DSP90 (running SR10.1 with SYSTYPE=bsd4.3) to HP9000
and SUN. The way I solved is to add in group name in the
respective .rhosts files of the destination nodes. Eg. in ~yeoak/.rhost
of the HP9000 or SUN node where I want to rsh from DSP90:
dsp90 yeoak.compsc
where dsp90 is the hostname
yeoak is the username
compsc is the groupname
note: yeoak.compsc.none is defined in node dsp90's SR10.1 registry
but yeoak.staff is defined in hp9000 /etc/passwd & /etc/group
So when I did (from DSP90): rsh HP9000 -l yeoak "ls"
and I got the result. But if I did: rsh HP9000 "ls"
and still... "login incorrect" is returned.
Anybody has any idea why it is do? Is this documented? Is this a "legitimate"
solution?
--AnnKian Yeo
Email: YEOAK%NUSDISCS.BITNET@CUNYVM.CUNY.EDU
Department of Information Systems and Computer Science (DISCS)
National University of Singapore (NUS)pato@apollo.HP.COM (Joe Pato) (10/16/89)
In article <8910140409.AA22141@umix.cc.umich.edu> YEOAK@NUSDISCS.BITNET writes: >Re: rlogin & rsh > >I've posted this before and managed to solve part of >the problem, ie rsh. The problem was that rsh didn't work >from DSP90 (running SR10.1 with SYSTYPE=bsd4.3) to HP9000 >and SUN. The way I solved is to add in group name in the >respective .rhosts files of the destination nodes. Eg. in ~yeoak/.rhost >of the HP9000 or SUN node where I want to rsh from DSP90: > > dsp90 yeoak.compsc > > where dsp90 is the hostname > yeoak is the username > compsc is the groupname > note: yeoak.compsc.none is defined in node dsp90's SR10.1 registry > but yeoak.staff is defined in hp9000 /etc/passwd & /etc/group > >So when I did (from DSP90): rsh HP9000 -l yeoak "ls" >and I got the result. But if I did: rsh HP9000 "ls" >and still... "login incorrect" is returned. > >Anybody has any idea why it is do? Is this documented? Is this a "legitimate" >solution? > >--AnnKian Yeo > Email: YEOAK%NUSDISCS.BITNET@CUNYVM.CUNY.EDU > Department of Information Systems and Computer Science (DISCS) > National University of Singapore (NUS) The problem you have encountered is that the passwd files on the HP and on the apollo (the registry on Domain/OS) are not in synch. Rlogin and Rsh rely on account names being the same on the two machines - if they are different you must use "rsh <machine> -l <user>" and make the appropriate annotation in the .rhost file. The problem is further complicated in that account names in Domain/OS are not necessarily a simple username. Account names are of the form Person.Group.Org. The registry allows an administrator to choose an abbreviation for an account name - i.e., the administrator can choose to allow people to login with just a person name. e.g., The account "bob.staff.none" can be abbreviated to "bob" if the abbreviation for the account is <person>. If everyone has a primary login account (an account that is abbreviated to <person>) then UNIX tools (e.g., getpwuid(getuid())) will extract a simple name from the registry database and work as expected. If not, then you have to make sure that the foreign machine's /etc/passwd file has the appropriate person.group or person.group.org entries. (In your case, the HP passwd file and the apollo registry were not in synch) These problems go away if you run Apollo's portable Passwd Etc product on the foreign machines. Using Passwd Etc, all machines have direct access to the shared registry database - and this way the accounts database (passwd files) cannot get out of synch. Currently Passwd Etc is available for SunOS >3.4 and Vax Ultrix 2.2. An HP/UX version of the product is not yet available. Joe Pato Apollo Computer A Subsidiary of Hewlett-Packard NSFNET: pato@apollo.com UUCP: ...{attunix,uw-beaver,brunix}!apollo!pato