Subject: Re: PAM enabled on head
To: Christos Zoulas <christos@zoulas.com>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
List: current-users
Date: 03/10/2005 20:49:55
At 18:39 Uhr -0500 9.3.2005, Christos Zoulas wrote:
>On Mar 9, 11:41pm, hauke@Espresso.Rhein-Neckar.DE (Hauke Fath) wrote:
>-- Subject: Re: PAM enabled on head
>
>| Any ideas what else I could check?
>
>tcpdump? ktrace -i inetd on the server side... It works for me.
This is getting weird... From a 'ktrace -di /usr/sbin/inetd' I get the idea
that rshd does the pam dance and then silently quits:
[...]
1128 rshd RET poll 1, 28000/0x6d60
1128 rshd CALL recvfrom(3,0x1a0d8,0x2260,0,0,0)
1128 rshd GIO fd 3 read 36 bytes
"\M^V\M-,\M^WP\0\0\0\^A\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\^B\0\0\0\0\0\0\0\0
"
1128 rshd RET recvfrom 36/0x24, -1/0xffffffff
1128 rshd CALL __sigprocmask14(3,0xfffb9058,0)
1128 rshd RET __sigprocmask14 0, 1
1128 rshd CALL __sigprocmask14(3,0xfffb90bc,0xfffb90cc)
1128 rshd RET __sigprocmask14 0, 1
1128 rshd CALL close(3)
1128 rshd RET close 0, 1
1128 rshd CALL __sigprocmask14(3,0xfffb90cc,0)
1128 rshd RET __sigprocmask14 0, -29818767/0xfe390071
1128 rshd CALL setgroups(5,0xfffb9728)
1128 rshd RET setgroups 0, -1/0xffffffff
1128 rshd PSIG SIGSEGV SIG_DFL
2388 rshd RET poll 1, -1/0xffffffff
2388 rshd CALL read(6,0xffffadf0,0x400)
2388 rshd GIO fd 6 read 0 bytes
""
2388 rshd RET read 0, 17/0x11
2388 rshd CALL shutdown(3,2)
2388 rshd RET shutdown 0, 17/0x11
2388 rshd CALL poll(0xffffb1f8,2,0xffffffff)
2388 rshd RET poll 2, 1
2388 rshd CALL read(3,0xfffb97ef,1)
2388 rshd GIO fd 3 read 0 bytes
""
2388 rshd RET read 0, 1
2388 rshd CALL poll(0xffffb1f8,2,0xffffffff)
2388 rshd RET poll 1, 1
2388 rshd CALL gettimeofday(0xfffb8a88,0)
2388 rshd RET gettimeofday 0, 255/0xff
2388 rshd CALL getpid
2388 rshd RET getpid 2388/0x954, 26356/0x66f4
2388 rshd CALL sendto(4,0xfffb8ee8,0x60,0,0,0)
2388 rshd GIO fd 4 wrote 96 bytes
"<31>Mar 10 01:23:59 rshd[2388]: in openpam_dispatch(): calling
pam_sm_setcred() in p\
am_rhosts.so"
2388 rshd RET sendto 96/0x60, 65535/0xffff
2388 rshd CALL gettimeofday(0xfffb8a84,0)
2388 rshd RET gettimeofday 0, 255/0xff
2388 rshd CALL getpid
2388 rshd RET getpid 2388/0x954, 26356/0x66f4
2388 rshd CALL sendto(4,0xfffb8ee4,0x5f,0,0,0)
2388 rshd GIO fd 4 wrote 95 bytes
"<31>Mar 10 01:23:59 rshd[2388]: in openpam_dispatch():
pam_rhosts.so: pam_sm_setcred\
(): success"
2388 rshd RET sendto 95/0x5f, 65535/0xffff
2388 rshd CALL munmap(0x40f0000,0x3000)
2388 rshd RET munmap 0
2388 rshd CALL munmap(0x40ec000,0x4000)
2388 rshd RET munmap 0
2388 rshd CALL munmap(0x40f4000,0x5000)
2388 rshd RET munmap 0
2388 rshd CALL munmap(0x40fa000,0xb000)
2388 rshd RET munmap 0, 6
2388 rshd CALL munmap(0x4106000,0xe000)
2388 rshd RET munmap 0, 6
2388 rshd CALL munmap(0x4114000,0x3000)
2388 rshd RET munmap 0
2388 rshd CALL munmap(0x4118000,0x3000)
2388 rshd RET munmap 0
2388 rshd CALL exit(0)
26356 inetd RET kevent 1, 1
26356 inetd CALL wait4(0xffffffff,0xffffae94,1,0)
whereas a 2.0 rshd syslogs the sent command and proceeds to fork a shell.
OTOH, rlogin works fine, as does an rsh without command.
hauke
--
/~\ The ASCII Ribbon Campaign
\ / No HTML/RTF in email
X No Word docs in email
/ \ Respect for open standards