macferrin@slsvax.harvard.edu (Kurtis MacFerrin) (10/23/90)
Hi, Under 3.2.1 we connected to our iris from a VAX using VMS 4.7 and Multinet 2.1's rlogin without incident. Now, however, under 3.3.1 the iris either asks for a password (despite the .rhosts file entry) or hangs (hitting the return key "wakes up" the iris in such cases, and it asks for a login name). Does anyone else use Multinet and 3.3.1 without this problem? Also, the 3.3.1 release notes say that /etc/issue is printed before each ftp, rlogin and telnet connection, but this doesn't happen for Multinet rlogin connections (it does happen for Multinet telnet, and for Ultrix rlogins). Another really weird thing I've just discovered is that rlogins from Ultrix to irix 3.3.1 insist that I don't have a password, then make me enter my old password before I can change the password to something new. This happens at EVERY rlogin. Anyone happily rloging from Ultrix to Irix 3.3.1? I'll summarize any responses I get. Thanks. Kurtis MacFerrin macferrin@slsvax.harvard.edu
blbates@AERO4.LARC.NASA.GOV ("Brent L. Bates AAD/TAB MS361 x42854") (10/25/90)
In reference to having to enter you old password and the a new one. We had the same problem, it didn't seem to matter from where we were rlogin'ing in from. The solution was to turn off password aging. That is if your password is over a specified age you are required to change it to a new one. -- Brent L. Bates NASA-Langley Research Center M.S. 361 Hampton, Virginia 23665-5225 (804) 864-2854 E-mail: blbates@aero4.larc.nasa.gov or blbates@aero2.larc.nasa.gov
macferrin@slsvax.harvard.edu (Kurtis MacFerrin) (10/27/90)
In article <9010242024.AA18026@aero4.larc.nasa.gov>, blbates@AERO4.LARC.NASA.GOV ("Brent L. Bates AAD/TAB MS361 x42854") writes... > In reference to having to enter you old password and the a new one. >We had the same problem, it didn't seem to matter from where we were >rlogin'ing in from. The solution was to turn off password aging. That >is if your password is over a specified age you are required to change >it to a new one. >-- > Brent L. Bates > E-mail: blbates@aero4.larc.nasa.gov or blbates@aero2.larc.nasa.gov Thanks for the advice, but since we don't have password aging turned on, that can't be our problem. One part of the problem (rlogin from ultrix to irix 3.3.1 requests a password change ALWAYS) was fixed by removing passwdreq from /etc/config/login.options, as suggested to me by John Fwu. (Thanks John) We still have a problem in using rlogin from vms using Multinet 2.1 to irix 3.3.1. The problem is that the user is always prompted for the password, despite the proper .rhosts entry. If anyone finds a fix for this, please post it to this group or mail me and I'll post it. Thanks. Kurtis MacFerrin macferrin@slsvax.harvard.edu
vjs@rhyolite.wpd.sgi.com (Vernon Schryver) (10/28/90)
In article <4525@husc6.harvard.edu>, macferrin@slsvax.harvard.edu (Kurtis MacFerrin) writes: > ... > We still have a problem in using rlogin from vms using Multinet 2.1 to irix > 3.3.1. The problem is that the user is always prompted for the password, > despite the proper .rhosts entry. If anyone finds a fix for this, please post > it to this group or mail me and I'll post it. Thanks. The most common cause of .rhosts failures is that the machine name in the .rhosts files is not the name of the machine determined by the system. To test this, login by giving the password, and then examine the REMOTEHOST environment variable (see environ(5), env(1), printenv(1)). It contains the system's idea of the remote system name, obtained first with getpeername(2) and then gethostbyaddr(3N). This means that the IRIS may not have the same idea of remote system's name as you have. The name will be the first or canonical name, not one of the nicknames. If the IRIS is unable to resolve the IP address into a name, then REMOTEHOST will contain the IP address. The host name that is sought in the .rhosts file is the one determined as described above, the one in REMOTEHOST. I seem to recall that you can omit the domain in .rhosts if it is the same as that of the local host. You can put raw IP addresses into .rhosts, for those hosts names that cannot be resolved. Computing the host name rather than believing what comes over the wire is a security measure. The REMOTEHOST and REMOTEUSER variables date from the days when the primary IRIS networking was XNS. Vernon Schryver, vjs@sgi.com
sysjohn@physics.utoronto.ca (John Chee Wah) (10/31/90)
In article <4525@husc6.harvard.edu> macferrin@slsvax.harvard.edu writes:
# In article <9010242024.AA18026@aero4.larc.nasa.gov>, blbates@AERO4.LARC.NASA.GOV ("Brent L. Bates AAD/TAB MS361 x42854") writes...
# > In reference to having to enter you old password and the a new one.
# >We had the same problem, it didn't seem to matter from where we were
# >rlogin'ing in from. The solution was to turn off password aging. That
# >is if your password is over a specified age you are required to change
# >it to a new one.
# >--
# > Brent L. Bates
# > E-mail: blbates@aero4.larc.nasa.gov or blbates@aero2.larc.nasa.gov
#
# Thanks for the advice, but since we don't have password aging turned on, that
# can't be our problem. One part of the problem (rlogin from ultrix to irix
# 3.3.1 requests a password change ALWAYS) was fixed by removing passwdreq from
# /etc/config/login.options, as suggested to me by John Fwu. (Thanks John)
#
# We still have a problem in using rlogin from vms using Multinet 2.1 to irix
# 3.3.1. The problem is that the user is always prompted for the password,
# despite the proper .rhosts entry. If anyone finds a fix for this, please post
# it to this group or mail me and I'll post it. Thanks.
#
# Kurtis MacFerrin macferrin@slsvax.harvard.edu
Assuming that (1) your vms machine has more than one address (2) and it is
connecting to your irix not via the first address in the host file. (3)
you use the host file first before bind.
The way that host names are matched in 3.3[.1] is broken. I have called the
hotline about this back in July/August with 3.3 but I think they do not think it
is a bug. Solution for now is to list the internet addresses in your .rhosts or
hosts.equiv files.
If you use the nameserver first (as in /usr/etc/resolv.conf) then you have to
use the fully canonical name.