Unable to telnet/rsh/rlogin to Solaris 2.8 after upgrade to patch level Generic_117350-11 from Generic_108528-20

From: Jitendra Sharma (jksharma_at_yahoo.com)
Date: 10/12/04 

Date: 12 Oct 2004 14:09:59 -0700

Dear Unix Security Gurus,

I am facing problem login into the Solaris box via telnet/ssh/rlogin
remote
access mechanisms if PAM LOGIN LIMIT module is *ENABLED* after
upgrading to the patch level Generic_117350-11 from Generic_108528-20.

This upgrade was done by applying "Solaris 8 Recommended Patch
Cluster"
released on "Oct/01/04".

Please advise how to get around this problem and if it's a known
issue.

This is how 'telnet' mechanism access rules defined in /etc/pam.conf

#
# RC telnet
telnet auth requisite pam_authtok_get.so.1
telnet auth required pam_dhkeys.so.1
telnet auth sufficient pam_unix_auth.so.1
telnet auth required pam_login_limit.so.1 count_limit=3
#ENDRC telnet
#

stanford::/home/jitendra/cprog>telnet fern
Trying x.x.x.x ........
Connected to fern.
Escape character is '^]'.

SunOS 5.8

login: nwkprod
Password:
Connection closed by foreign host.

After commenting out "telnet auth required
pam_login_limit.so.1 count_limit=3" line user can login to the box.

stanford::/home/jitendra/cprog>telnet fern
Trying x.x.x.x ......
Connected to fern.
Escape character is '^]'.

SunOS 5.8

login: nwkprod
Password:
Last login: Mon Oct 11 11:34:06 from stanford
Sun Microsystems Inc. SunOS 5.8 Generic Patch October 2001
[WS 6.1 and Orbix 2000 Patch cluster installed Fri Jul 25 13:44:12 PDT
2003]
You have mail.
fern<nwkprod>81:

Any pointers/suggestions will be hughly appreciated.

Thanks a lot in advance.
Jitendra

Relevant Pages