netbsd-bugs: misc/29594: PAM - rsh backwards compatibility problem

Subject: misc/29594: PAM - rsh backwards compatibility problem
To: None <misc-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: None <gcw@primenet.com.au>
List: netbsd-bugs
Date: 03/04/2005 14:19:00

>Number:         29594
>Category:       misc
>Synopsis:       rsh(d) backwards root incompatibility
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    misc-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 04 14:19:00 +0000 2005
>Originator:     Geoff C. Wing
>Release:        NetBSD 2.99.16 (2005-03-04)
>Organization:
>Environment:
System: NetBSD g.primenet.com.au 2.99.16 NetBSD 2.99.16 (G) #0: Fri Mar 4 18:14:28 EST 2005 gcw@g.primenet.com.au:/usr/netbsd/src/sys/arch/i386/compile/G i386
Architecture: i386
Machine: i386
>Description:
	1) several of the PAM services think they're daemons but rsh doesn't
	   e.g. telnetd, sshd, ftpd, rexecd   vs  rsh
	2) backwards compatibility was lost with rshd.  root no longer
	   has the same authentication.  This may be desirable in the long
	   term - especially for many people's defaults for a new
	   installation - but, if so, it was snuck in without proper
	   documentation for people to revert.
>How-To-Repeat:
	obvious (hopefully)
>Fix:
	Maybe this should turn into a commented out entry.

--- /usr/src/etc/pam.d/rsh.1	2005-02-27 14:52:24.000000000 +1100
+++ /usr/src/etc/pam.d/rsh	2005-03-05 01:06:33.000000000 +1100
@@ -5,7 +5,7 @@
 
 # auth
 auth		required	pam_nologin.so		no_warn
-auth		required	pam_rhosts.so		no_warn
+auth		required	pam_rhosts.so		no_warn allow_root
 
 # account
 account		required	pam_unix.so