I have two servers: one CentOS 5.8 & one Solaris 10. Both are joined to my workplace AD domain via PBIS-Open. A user will log into the linux server & run an application which issues commands over RSH to the solaris server. Some commands are also run on the linux server, so both are needed. Due to the application these servers are being used for (proprietary GE software), the software on the linux server needs to be able to issue rsh
commands to the solaris server on behalf of the user (the user just runs a script & the rest is automatic).
However, rsh is not working for the domain users. It does work for a local user, so I believe I have the necessary trust settings between the two servers correct. However, I can rlogin
as a domain user from the linux server to the solaris server. SSH works too (how I wish I could use it).
Some relevant info:
via rlogin:
[user@linux~]$ rlogin solaris
connect to address 192.168.1.2 port 543: Connection refused
Trying krb4 rlogin...
connect to address 192.168.1.2 port 543: Connection refused
trying normal rlogin (/usr/bin/rlogin)
Sun Microsystems Inc. SunOS 5.10 Generic January 2005
solaris%
via rsh:
[user@linux ~]$ rsh solaris ls
connect to address 192.168.1.2 port 544: Connection refused
Trying krb4 rsh...
connect to address 192.168.1.2 port 544: Connection refused
trying normal rsh (/usr/bin/rsh)
permission denied.
[user@linux ~]$
relevant snippet from /etc/pam.conf on solaris:
#
# rlogin service (explicit because of pam_rhost_auth)
#
rlogin auth sufficient pam_rhosts_auth.so.1
rlogin auth requisite pam_lsass.so set_default_repository
rlogin auth requisite pam_lsass.so smartcard_prompt try_first_pass
rlogin auth requisite pam_authtok_get.so.1 try_first_pass
rlogin auth sufficient pam_lsass.so try_first_pass
rlogin auth required pam_dhkeys.so.1
rlogin auth required pam_unix_cred.so.1
rlogin auth required pam_unix_auth.so.1
#
# Kerberized rlogin service
#
krlogin auth required pam_unix_cred.so.1
krlogin auth required pam_krb5.so.1
#
# rsh service (explicit because of pam_rhost_auth,
# and pam_unix_auth for meaningful pam_setcred)
#
rsh auth sufficient pam_rhosts_auth.so.1
rsh auth required pam_unix_cred.so.1
#
# Kerberized rsh service
#
krsh auth required pam_unix_cred.so.1
krsh auth required pam_krb5.so.1
#
I have not really seen anything useful in either system log that seem to be directly related to the failed login attempt. I've tail -f
'd /var/adm/messages
on solaris & /var/log/messages
on linux during the failed attempts & nothing shows up. Maybe I need to be doing something else?