17 Jan 2011 09:34
Re: UM
Jens Kasten <jens <at> kasten-edv.de>
2011-01-17 08:34:08 GMT
On Monday, 17.01.2011, at 09:22 +0100, Jens Kasten wrote:
> On Monday, 17.01.2011, at 01:14 -0700, Gergely Lónyai wrote:
> > > -------- Original Message --------
> > > Subject: Re: [rsbac] UM
> > > From: Jens Kasten <igraltist <at> rsbac.org>
> > > Date: Mon, January 17, 2011 8:45 am
> > > To: RSBAC Discussion and Announcements <rsbac <at> rsbac.org>
> > >
> > >
> > > On Sunday, 16.01.2011, at 23:51 -0700, Gergely Lónyai wrote:
> > > > > -------- Original Message --------
> > > > > Subject: [rsbac] UM
> > > > > From: Jens Kasten <igraltist <at> rsbac.org>
> > > > > Date: Sun, January 16, 2011 10:20 am
> > > > > To: rsbac-mailing-list <rsbac <at> rsbac.org>
> > > > >
> > > > >
> > > > > Hi list,
> > > > >
> > > > > I am using UM for user authentication.
> > > > >
> > > > > I must set sufficient and not required for category auth
> > > > > in /etc/pam.d/system-auth, otherwise it does not work.
> > > > >
> > > > > This I see in the log message.
> > > > >
> > > > > Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication failure
> > > > > Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> > > > > Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
> > > > >
> > > > > Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
> > > > >
> > > > > /etc/pam.d/system-auth:
> > > > > auth required pam_env.so
> > > > > auth sufficient pam_rsbac.so
> > > > > #auth required pam_rsbac.so try_first_pass likeauth nullok
> > > > > auth required pam_deny.so
> > > > >
> > > > > account required pam_rsbac.so
> > > > > account optional pam_permit.so
> > > > >
> > > > > password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
> > > > > password required pam_rsbac.so
> > > > > password required pam_deny.so
> > > > >
> > > > > session required pam_limits.so
> > > > > session required pam_env.so
> > > > > session required pam_rsbac.so
> > > > > session optional pam_permit.so
> > > > >
> > > > > /etc/nsswitch.conf:
> > > > > passwd: rsbac
> > > > > shadow: rsbac
> > > > > group: rsbac
> > > > >
> > > > > kernel-configuration for um:
> > > > > CONFIG_RSBAC_UM=y
> > > > > CONFIG_RSBAC_UM_DIGEST=y
> > > > > CONFIG_RSBAC_UM_USER_MIN=2000
> > > > > CONFIG_RSBAC_UM_GROUP_MIN=2000
> > > > > CONFIG_RSBAC_UM_EXCL=y
> > > > > CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> > > > > CONFIG_RSBAC_UM_NON_ALPHA=y
> > > > > CONFIG_RSBAC_UM_PWHISTORY=y
> > > > > CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> > > > > CONFIG_RSBAC_UM_ONETIME=y
> > > > > CONFIG_RSBAC_UM_ONETIME_MAX=100
> > > > > CONFIG_RSBAC_UM_VIRTUAL=y
> > > > > CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> > > > > CONFIG_RSBAC_AUTH_UM_PROT=y
> > > > > CONFIG_RSBAC_ACL_UM_PROT=y
> > > > > CONFIG_RSBAC_FF_UM_PROT=y
> > > > >
> > > > > Regards
> > > > > Jens
> > > > >
> > > > Hi,
> > > >
> > > > Do you set up the root's password after user import with rsbac_passwd?
> > >
> > > Yes I have. I have removed the files passwd, group, and shadow.
> > >
> >
> > No, I did not speak it. Do you update the rsbac passwords with the rsbac
> > tool? The user import does not import the old password. The rsbac
> > password encoder is not compatible with the pam password storage.
>
> You mean, rsbac_passwd -n root?
> The passwords are added with this.

This was wrong in my system-auth file:

    auth required pam_deny.so

When I uncomment it, then it works.
Maybe there was a difference between pam-1.0 and before. I don't know.

> > Aleph

_______________________________________________
rsbac mailing list
rsbac <at> rsbac.org
http://www.rsbac.org/mailman/listinfo/rsbac
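
Added example, not part of the original thread and not RSBAC or Linux-PAM code: a simplified Python model of how Linux-PAM combines the `required`, `requisite`, `sufficient` and `optional` control flags, run over the `auth` stack quoted above and two constructed variants of it. It assumes pam_env.so returns success and does not model bracketed `[value=action]` controls or `include` lines.

```python
# Simplified model of Linux-PAM control-flag evaluation for one module type.
# Module results are inputs (assumptions), not real PAM calls.
ALWAYS = {"pam_deny.so": False, "pam_permit.so": True}  # fixed-result modules

def parse_stack(text, mod_type="auth"):
    """Return [(control, module)] for non-comment lines of the given type."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mod_type:
            if fields[1] not in ("required", "requisite", "sufficient", "optional"):
                raise ValueError("control not modelled: " + fields[1])
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, outcomes):
    """outcomes maps module -> True (PAM_SUCCESS) or False (any error)."""
    required_failed = False
    any_success = False
    for control, module in stack:
        ok = ALWAYS.get(module, outcomes.get(module, False))
        if ok:
            if control == "sufficient" and not required_failed:
                return True          # stack ends here, later modules never run
            any_success = True
        elif control == "requisite":
            return False             # fail immediately
        elif control == "required":
            required_failed = True   # remembered, but the stack keeps running
        # a failing sufficient/optional module is ignored
    return any_success and not required_failed

# Constructed inputs: the auth stack as quoted in the thread, and two variants.
POSTED = """
auth required pam_env.so
auth sufficient pam_rsbac.so
#auth required pam_rsbac.so try_first_pass likeauth nullok
auth required pam_deny.so
"""
REQUIRED_THEN_DENY = """
auth required pam_env.so
auth required pam_rsbac.so try_first_pass likeauth nullok
auth required pam_deny.so
"""
REQUIRED_ONLY = """
auth required pam_env.so
auth required pam_rsbac.so
"""
GOOD = {"pam_env.so": True, "pam_rsbac.so": True}    # correct password
BAD = {"pam_env.so": True, "pam_rsbac.so": False}    # wrong password

if __name__ == "__main__":
    for name in ("POSTED", "REQUIRED_THEN_DENY", "REQUIRED_ONLY"):
        s = parse_stack(globals()[name])
        print(name, "good:", evaluate(s, GOOD), "bad:", evaluate(s, BAD))
```

With `required pam_rsbac.so` followed by `required pam_deny.so` the stack fails even for a correct password, because pam_deny.so is always reached; with `sufficient` a successful pam_rsbac.so ends the stack before pam_deny.so runs.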