Mailing List Archive

Actually I'm working on library functions that will manipulate the
conserver.passwd file so that you
no longer have to use vi to add users.

Chris


-----Original Message-----
From: Ernie Oporto [mailto:Ernie.Oporto@viragelogic.com]
Sent: Tuesday, May 01, 2001 12:32 PM
To: Conserver-Users
Subject: checking passwords


I have a Red Hat 7.1 machine that seems like it is not really reading the
conserver.passwd file to check users. I have placed my username and hash in
that passwd file, which works on my machine running conserver, but not on my
colleague's machine, set up just the same way. It seems to bring out that
conserver is not checking the passwd file for fake usernames, since I have
no user named cheeseblintzes. =)

[root@racoon /root]# console -l eoporto pumpkin
Enter eoporto's password:
console: pumpkin: Sorry.
[root@racoon /root]# console -l cheeseblintzes host
console: console: server host not found
[root@racoon /root]# console -l cheeseblintzes pumpkin
Enter cheeseblintzes's password:
console: pumpkin: Sorry.

The log file claims it is a bad password...
tail /var/log/conserver.log
conserver: pumpkin: tamale@: bad passwd
conserver: pumpkin: someone@: bad passwd
conserver: pumpkin: cheeseblintzes@: bad passwd
conserver: pumpkin: eoporto@: bad passwd

...yet that is the hash from my /etc/shadow file.

Is there any way for conserve to set the initial password instead of doing
the cut and paste?

--
Ernest A. Oporto, Systems Administrator
Virage Logic Corporation
http://www.viragelogic.com
Perryville Corporate Park, Bldg 3, Clinton, NJ 08809
Phone:(908)735-1932 Fax:(908)735-1999
mailto:Ernie.Oporto@viragelogic.com

Hmmm...I'm not exactly sure what's going on here, but you should be able to
have the password be "*passwd*" instead of the hash and it will look up the
password using library calls just like other apps...so, you just need to have

user1:*passwd*:any
user2:*passwd*:any
user3:*passwd*:any

and so on (user1 through user3 should be replaced with real names...other
things are literal). I *think* that will fix the problem - or at least get
around it. Sounds like there's probably something else going on as well.

And, yes, if you put in a username and a has in the conserver.passwd file it
will only use that and not check the real password file for being a valid
user...that way you can set up a conserver host with a few admin accounts and a
slew of conserver accounts so non-admins can access consoles.

Anyway, if that helps at all, cool. If not, can you send some more info, like
the exact setup of all things (linux, conserver, the conserver config files,
etc)? A lot of info, I know, but I'm not sure what, exactly, the problem is -
maybe I'm just being dense.

Bryan

Quoting Ernie Oporto <Ernie.Oporto@viragelogic.com>:
> I have a Red Hat 7.1 machine that seems like it is not really reading
> the
> conserver.passwd file to check users. I have placed my username and
> hash in
> that passwd file, which works on my machine running conserver, but not
> on my
> colleague's machine, set up just the same way. It seems to bring out
> that
> conserver is not checking the passwd file for fake usernames, since I
> have
> no user named cheeseblintzes. =)
>
> [root@racoon /root]# console -l eoporto pumpkin
> Enter eoporto's password:
> console: pumpkin: Sorry.
> [root@racoon /root]# console -l cheeseblintzes host
> console: console: server host not found
> [root@racoon /root]# console -l cheeseblintzes pumpkin
> Enter cheeseblintzes's password:
> console: pumpkin: Sorry.
>
> The log file claims it is a bad password...
> tail /var/log/conserver.log
> conserver: pumpkin: tamale@: bad passwd
> conserver: pumpkin: someone@: bad passwd
> conserver: pumpkin: cheeseblintzes@: bad passwd
> conserver: pumpkin: eoporto@: bad passwd
>
> ...yet that is the hash from my /etc/shadow file.
>
> Is there any way for conserve to set the initial password instead of
> doing
> the cut and paste?
>
> --
> Ernest A. Oporto, Systems Administrator
> Virage Logic Corporation
> http://www.viragelogic.com
> Perryville Corporate Park, Bldg 3, Clinton, NJ 08809
> Phone:(908)735-1932 Fax:(908)735-1999
> mailto:Ernie.Oporto@viragelogic.com
>

I notice that client/server connects are done in the clear
leaving passwords and commands in the clear. Is anybody currently
working on integrating SSL or other encryption into the mix?
Doug

>
> I notice that client/server connects are done in the clear
> leaving passwords and commands in the clear. Is anybody currently
> working on integrating SSL or other encryption into the mix?
> Doug
>
>
I'm tentatively looking at this (well, I've printed out some of the ssl docs
and started reading up on ssl/tls) but I wouldn't exactly hold your breath :)
).
Given that we (informatics) will be moving to a kerberos based system in the
medium term pamifying console/conserver is on my list of things to do if
no-one else does first.

At the moment we are using a perl script to run ssh to the conserver pc and
then run console on the loopback interface, but this get's information about
which consoles are connected to which server via a metadatabase which is used
to build the conserver.cf and conserver.passwd files so it's probably only a
solution for us.

If people want to see my horrible perl then I'll post it but it's basically

search NIS maps to work out what to connect to

system("/usr/bin/ssh","-t","$console_server","/usr/bin/console -M localhost
$args")




> _______________________________________________
> users mailing list
> users@conserver.com
> https://www.conserver.com/mailman/listinfo/users

--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh