A number of sites seem to have been hit by a bugfix(!) in ssh, which
has been distributed in the current version of SLC. (There's a thread
on rollout.)
This fix means that ssh respects the account locked (i.e., password
being "!!") and refuses login, even when shosts.equiv and
ssh_known_hosts are setup correctly. This breaks your site if you use
ssh for internode communication.
Unfortunately this is the way that YAIM creates pool accounts.
I don't think if affects vanilla SL yet, but it's clearly an accident
waiting to happen. The fix is to change the password on all pool
accounts to "*".
The fix in perl looks like:
perl -i.old -pe 's/^(([a-z]+\d{3})|([a-z]{3,5}(sgm|prd))):!!/$1:
\*/;' /etc/shadow
I hear YAIM will be fixed, but I didn't see a savannah bug on this...
Cheers
Graeme
--
Dr Graeme Stewart - http://wiki.gridpp.ac.uk/wiki/User:Graeme_stewart
GridPP DM Wiki - http://wiki.gridpp.ac.uk/wiki/Data_Management
ScotGrid - http://www.scotgrid.ac.uk/ http://scotgrid.blogspot.com/
|