Bug#332198: [Pkg-shadow-devel] Bug#332198: login: unable to determine TTY name, got /dev/pts/1

Marc Lehmann schmorp at schmorp.de
Fri Oct 7 05:30:12 UTC 2005 

On Wed, Oct 05, 2005 at 06:13:58PM +0200, Christian Perrier <bubulle at debian.org> wrote:
> Can you try reproducing this with login and passwd packages from sid ?

It happens with this version, too:

ii  login                              4.0.11.1-1 system login tools
ii  passwd                             4.0.11.1-1 change and administer password and group data

If you want, I can test with 4.0.12 if there are important changes between
4.0.11 and .12.

> It also seems that you're trying to rsh from root to root on another
> host.

Yes.

> Despite being highly insecure,

Despite this being untrue and not substantiatable, people like to repeat
this kind of non-fact often, just like parrots :) What might be insecure
is not rsh, but, say, your root-password, or your wire, or ..., but
rsh/rlogin are not generally less secure than, say, ssh. Claiming it is
does not improve security, because it only makes issues more confusing.

If you meant that seriously, you should first understand what the
insecurities are that are involved in remote login are, and it's not the
rlogin protocol. At least ssh is not generally more secure (it supports
the same modes of authentication, and not every wire can be tapped, nor
does tapping, in generally, lower the security of rsh/rlogin), and people
don't complain about ssh being "highly insecure", either.

> have you checked the contents of
> /etc/securetty on the target machine?

It does not contain any pts/* entries, but that doesn't matter, because my
pam.d/rlogin file looks like this (should have attached it to the original
report, sorry), and has securetty checks disabled:

   #%PAM-1.0
   #auth           requisite       pam_securetty.so
   auth            sufficient      pam_rhosts_auth.so suppress no_hosts_equiv
   auth            required        pam_unix.so nullok
   auth            required        pam_nologin.so
   account         required        pam_unix.so
   password        required        pam_unix.so nullok use_authtok obscure min=4 max=8
   session         required        pam_unix.so

> I actually think that the "unable to determine TTY name" from login is
> maybe not *the* cause of the problem.

That might very well be. I do not see that message, however, when it works
(probably >>99.999% of the time), and I have the syslog from my machines
onscreen most of the time, so it is at least a hint on the problem, even if
it's just another symptom.

-- 
                The choice of a
      -----==-     _GNU_
      ----==-- _       generation     Marc Lehmann
      ---==---(_)__  __ ____  __      pcg at goof.com
      --==---/ / _ \/ // /\ \/ /      http://schmorp.de/
      -=====/_/_//_/\_,_/ /_/\_\      XX11-RIPE

More information about the Pkg-shadow-devel mailing list