No subject


Tue Nov 9 01:00:01 PST 2010


#%PAM-1.0
# For root login to succeed here with pam_securetty, "rsh" must be
# listed in /etc/securetty.
auth       required     /lib/security/pam_nologin.so
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_env.so
auth       required     /lib/security/pam_rhosts_auth.so
...

Thus, the "rsh" string in /etc/securetty is only required for allowing
root rsh access. For all other users it is sufficient to 
1) setup /etc/hosts.equiv
2) change the pam_rhosts_auth line in /etc/pam.d/rsh to
auth       sufficient   /lib/security/pam_rhosts_auth.so
3) enable rsh in /etc/xinetd.d/rsh
4) allow you private cluster network through the firewall, e.g.,
-A input -s 0/0 -d 0/0 -i eth1 -j ACCEPT
in /etc/sysconfig/ipchains assuming that eth1 is the interface to
the private network of the cluster nodes.

For root to succeed you can either add "rsh" to /etc/securetty
(which is what I do, but only on the nodes on the private network,
not on the main node that has an interface to the world) or remove
the pam_securetty.so line in /etc/pam.d/rsh.

Martin

========================================================================
Martin Siegert
Academic Computing Services                        phone: (604) 291-4691
Simon Fraser University                            fax:   (604) 291-4242
Burnaby, British Columbia                          email: siegert at sfu.ca
Canada  V5A 1S6
========================================================================




More information about the Beowulf mailing list