Did you try removing the pam_securetty line from
/etc/pam.d/{rsh,rlogin,rexec}?

Andrew Leahy

I'd really suggest you use the SSH suite of programs instead - I've put
together a mini-howto on how to setup SSH to stop having to type in
passwords each time, as well as a shell script to implement the
'Symlink-trick'...

http://www.lost.co.nz/main/linux/ssh.html

Enjoy!

-- Leon
--

I have the same setup. To echo the ssh suggestion in a different way,
always remember that rsh tools were developed for use on a trusted
network. They should only be used on trusted networks, and you
must firewall off any other network connections.

Here's what my notes say I did:

1) Add rsh and rlogin to the file /etc/securetty. Just add two lines to
the end of the file with "rsh" on one and "rlogin" on the other.

2) Edit the xinetd settings for rlogin and rsh. These are the files
/etc/xinetd.d/rlogin and /etc/xinetd.d/rsh. Change the "disable"
line from "yes" to "no".

3) Add the cluster machines to /etc/hosts.equiv

3A) Make sure that TCP Wrappers doesn't block the cluster machines.
In /etc/hosts.allow, they should be listed with a line like
"ALL: 192.168.1. localhost", where 192.168.1.XXX is the private
network for the cluster. One should also make sure that /etc/hosts.deny
has only one line reading "ALL:ALL".

3B) Make sure your firewall won't block these connections from your
cluster network. Check /etc/sysconfig/ipchains or /etc/sysconfig/iptables.

4) If you want root rlogin capability (insert usual danger warnings,
etc), then you need an rhosts file for root ( /root/.rhosts ) that
lists all the cluster machines.

5) You probably need to restart xinetd with "/etc/init.d/xinetd restart"

6) My notes don't list any changes to /etc/pam.d/rsh or/etc/pam.d/rlogin,
but I might have missed writing something down. However, RPM reports
that these files are the same as installed.

7) Make changes to all cluster machines (obvious, but easy to forget).

If I missed soemthing, let me know.

Frank

Accoring to the securetty(5) and login(1) man pages, you're just supposed to
list tty devices from /dev, there's nothing about "rsh" or "rlogin" being
valid. I added ttyp[0-5], which is somewhat sub-optimal since root won't be
allowed to login if the first six pseudo-ttys are already in use, though in
practice that hasn't been a problem. Do you know where you found out about
adding "rsh" as a tty? That's sounds like a much better way to do it if it
really works.
Insead of adding ALL to hosts.allow, add two lines like:
in.rshd : 192.168.0.
in.rlogind : 192.168.0.

That way you're only opening up rsh and rlogin ports, not ftp, telnet, daytime
or what have you.
Also make sure that the .rhosts file is owned by root and not writable by
group or other, or it won't work. You can also omit the hosts.equiv step if
you only want users with .rhosts to have rsh without password ability.