dmocsny@uceng.UC.EDU (daniel mocsny) (10/05/89)
I have installed 386/ix version 2.0.1 with TCP/IP on a Compaq Deskpro 386 with a Western Digital Ethercard Plus. This machine connects via thin ethernet through assorted bridges, repeaters, broadband, gateway, etc. to the network at our university and to the Outside World. I followed the instructions in the Interactive manuals as well as I could, did the paperwork with our network administrators (well, vicariously through a human subordinate) to get an Internet address and domain name, etc. Now I can ftp and telnet to machines from sea to shining sea (and some in the purple mountains) right here at my desk. (Wow!) All I need now is a WORM disk so I can download EVERYTHING. But I digress. I now bask in riches, yet my heart cannot rejoice freely. For alas! Though I can telnet to the very ends of the earth, the ends of the earth cannot telnet back to me. My machine hastens to answer the distant calls with login: and password: prompts, but though remoteuser types them with the diligence of the most faithful scribe, my machine can only rasp the reply "login incorrect". I have consulted the sacred texts. I have taken counsel with the wisest men of my village. I have divined the entrails of a goat. I have kept myself from women and strong drink. I have used control-J instead of carriage return. Still, the Great UNIX ignores my supplication. Well, I did have this little episode where a deep slumber came over me (from reading those sacred texts, don't you know), and a spectre of some guy in a robe appeared before me saying, "Appeal to the NET, my son..." So there you have it. To add to my confusion, I note that my machine will accept rlogin and ftp to passworded accounts, but it will not allow regular login to any account, passworded or not. I also have what I think are the right entries in the /etc/hosts and /etc/hosts.equiv files. Wise people of the NET! Come to my aid. I thank you, and the rest of my goats thank you. Dan Mocsny dmocsny@uceng.uc.edu
ji@close.columbia.edu (John Ioannidis) (10/05/89)
In article <2316@uceng.UC.EDU> dmocsny@uceng.UC.EDU (daniel mocsny) writes: >Though I can telnet to the very ends of the earth, the ends of the >earth cannot telnet back to me. My machine hastens to answer the >distant calls with login: and password: prompts, but though remoteuser >types them with the diligence of the most faithful scribe, my machine >can only rasp the reply "login incorrect". > I was plagued by the same problem for a couple of weeks, then in a vision I saw the light. Running strings(1) on /etc/telnetd revealed that the sucker was exec-ing a program called /etc/netlogin. Running it from my terminal showed a similar behavior to /bin/login. So I moved /etc/netlogin to /etc/foobar, then copied over /bin/login to /etc/netlogin and now I can telnet to my heart's content. I can't guarantee that there will be no side effects, though. > >Dan Mocsny >dmocsny@uceng.uc.edu /ji
reiner@coma.UUCP (Reiner Petersen) (10/05/89)
In article <2316@uceng.UC.EDU> dmocsny@uceng.UC.EDU (daniel mocsny) writes: >Though I can telnet to the very ends of the earth, the ends of the >earth cannot telnet back to me. My machine hastens to answer the >distant calls with login: and password: prompts, but though remoteuser >types them with the diligence of the most faithful scribe, my machine >can only rasp the reply "login incorrect". Since 386/ix Version 2.0 crypted passwords are moved into an extra file, named /etc/shadow, which is readable only by root. The /etc/passwd file now contains only an `x' in its password column. The TELNET protocol server (telnetd) seems to use /etc/netlogin when creating a login process, which has never heard of /etc/shadow. I solved that problem by copying the password column from /etc/shadow into /etc/passwd. Telnet works fine since then, but the security improvement is gone, it's a lot of unnecessary work and password changes must be maintained by hand. Therefore this is not an optimal solution. Any hints? -- Reiner Petersen, TU-Berlin BITNET: reiner at db0tui62 UUCP: reiner@coma path: ...!pyramid!tub!coma!reiner (overseas) ...!unido!coma!reiner (Europe)
jackv@turnkey.gryphon.COM (Jack F. Vogel) (10/05/89)
In article <2316@uceng.UC.EDU> dmocsny@uceng.UC.EDU (daniel mocsny) writes: [ flowery introduction deleted....] >I now bask in riches, yet my heart cannot rejoice freely. For alas! >Though I can telnet to the very ends of the earth, the ends of the >earth cannot telnet back to me. My machine hastens to answer the >distant calls with login: and password: prompts, but though remoteuser >types them with the diligence of the most faithful scribe, my machine >can only rasp the reply "login incorrect". I have not actually used or installed ISC's TCP so I am not sure how it comes configured out of the box, however it sounds to me like perhaps it is not configured to run the telnetd, especially since you say that rlogin and ftp work. Check the file /etc/inetd.conf to see what is and isn't commented out. The only other possibility that occurs to me, is that they have added some other default file somewhere which either allows or prohibits remote logins, check in /etc/default to see if any TCP/IP related files have been installed there. Good Luck, Disclaimer: IMHO only. -- Jack F. Vogel jackv@seas.ucla.edu AIX Technical Support - or - Locus Computing Corp. jackv@ifs.umich.edu
max@lgc.UUCP (Max Heffler @ Landmark Graphics) (10/05/89)
In article <2316@uceng.UC.EDU>, dmocsny@uceng.UC.EDU (daniel mocsny) writes: > I have installed 386/ix version 2.0.1 with TCP/IP on a Compaq > Though I can telnet to the very ends of the earth, the ends of the > earth cannot telnet back to me. My machine hastens to answer the > distant calls with login: and password: prompts, but though remoteuser > types them with the diligence of the most faithful scribe, my machine > can only rasp the reply "login incorrect". There was a bug in 386/ix 2.0.1 that can be worked around by moving the encrypted password field in the /etc/shadow file to the appropriate place in the /etc/passwd file. Granted, this is a kluge, and does not allow auto updating with the passwd file. It does allow you to do work, though... -- Max Heffler uucp: ..!uunet!lgc!max Landmark Graphics Corp. phone: (713) 579-4751 333 Cypress Run, Suite 100 Houston, Texas 77094
dipto@umbc3.UMBC.EDU (Mr. D. Chakravarty) (10/13/89)
In article <430@coma.UUCP> reiner@coma.UUCP (Reiner Petersen) writes: >In article <2316@uceng.UC.EDU> dmocsny@uceng.UC.EDU (daniel mocsny) writes: >distant calls with login: and password: prompts, but though remoteuser >types them with the diligence of the most faithful scribe, my machine >can only rasp the reply "login incorrect". Standard telnet protocol in telnetd uses a file called netlogin, written to adhere to standard Unix configuration. Logging in, or rather attempting a log in into a non-standard and/or augmented system with modified /etc/passwd file confuses the hell out of the protocol. One has to patch telnetd to make it read the actual password from /etc/shadow (and /etc/security on RT AIX) so that a graceful login is permitted. Reading an alphabet 'x' on Release 3.2 and the character '!' on selected AIX systems thoroughly screws up the Telnet protocol. Alternatively, a kludge consisting of copying over the password field from /etc/shadow and/or /etc/security to the standard place in /etc/passwd will take you around the problem. Try the second method at first. The former one requiring a patch may be non-trivial. -- dipto@umbc.bitnet ------\ /------ !uunet!umbc3!dipto dipto@umbc3.umbc.edu -------> In-real-life: <------- !nerwin!dipto@umbc3 dipto%ats.uucp@mimsy ------/ Dipto Chakravarty \------ CMSC, U.of Md, 21228