Date: | Thu, 22 Jan 2009 12:08:29 -0500 |
> Date: Wed, 21 Jan 2009 12:52:00 +0100
> From: Honest Guvnor <[log in to unmask]>
> Subject: Fwd: rsh and firewall
>
> On Wed, Jan 21, 2009 at 11:06 AM, Faye Gibbins
> <[log in to unmask]> wrote:
>
>> > Yes rsh is a pain to set up. Please, please, please think about either:
>> >
>> > ssh
>
> We are having some problems with ssh also. What we need is to have the
> compute nodes passwordless to the host and each other. Unfortunately,
> when we use ssh to connect from outside to the host and then onto a
> node (there is no access to the nodes except via the host) the keys
> set up for host+nodes do not work. Setting up sets of keys for all the
> machines that might be used to access the host does not seem right. Is
> there an rsh-type solution of just entries/keys for the host+nodes?
>
>> > or kerberosized rsh.
This is probably easier to accomplish by modifying the PAM system-auth
settings. Editing PAM will change password behaviour for rsh, ssh,
console, etc. all at the same time.

On your compute nodes, in the file /etc/pam.d/system-auth change the line:

    account required pam_unix.so

to:

    account required pam_unix.so broken_shadow

This will accept a user login when they do not have a shadow entry (i.e.
no password, not even an empty one).
http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s1-pam-sample-simple.html
http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/sag-pam_unix.html
You will still need a way for the compute nodes to be aware of usernames
& uids (i.e. /etc/passwd info).
This fix is from perceus, software to provision operating systems to
compute nodes:
https://perceus.org/svn/perceus/1.3/scripts/share/scientific-linux-4.5-genchroot.sh
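
Added example, not part of the original message and not perceus code: a shell script that reports whether the account pam_unix.so line in a PAM file carries broken_shadow, and writes a copy with the option appended only where it is missing. The function names and the sample system-auth contents are constructed for illustration; the demo works on temporary files only.

```shell
#!/bin/sh
# Added example: audit and apply the broken_shadow change described above.
# Function names and the sample file are constructed for illustration.

# Constructed sample of a compute node's /etc/pam.d/system-auth.
sample_system_auth() {
    cat <<'EOF'
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
# account   required      pam_unix.so broken_shadow
account     required      pam_unix.so
password    sufficient    pam_unix.so md5 shadow nullok
session     required      pam_unix.so
EOF
}

# Print "broken_shadow", "strict" or "absent" for the account pam_unix line.
pam_unix_account_status() {
    awk '
        $1 == "account" && $0 ~ /pam_unix\.so/ {
            found = 1
            for (i = 3; i <= NF; i++) if ($i == "broken_shadow") flagged = 1
        }
        END { print (!found ? "absent" : (flagged ? "broken_shadow" : "strict")) }
    ' "$1"
}

# Write FILE to stdout with broken_shadow appended to account pam_unix lines
# that lack it. Comments and auth/password/session lines are left untouched.
add_broken_shadow() {
    awk '
        $1 == "account" && $0 ~ /pam_unix\.so/ {
            has = 0
            for (i = 3; i <= NF; i++) if ($i == "broken_shadow") has = 1
            if (!has) { print $0 " broken_shadow"; next }
        }
        { print }
    ' "$1"
}

# Demo on temporary copies; the real /etc/pam.d/system-auth is never touched.
tmp=$(mktemp) && new=$(mktemp)
sample_system_auth > "$tmp"
echo "before: $(pam_unix_account_status "$tmp")"
add_broken_shadow "$tmp" > "$new"
echo "after:  $(pam_unix_account_status "$new")"
diff "$tmp" "$new" || true   # show the single changed line
rm -f "$tmp" "$new"
```

Running pam_unix_account_status across every node's system-auth gives a quick inventory of which machines have the relaxed account check enabled.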