[rsbac] UM

Jens Kasten igraltist at rsbac.org
Sun Jan 16 10:20:54 CET 2011


Hi list,

I am using UM for user authentication.

I must set sufficient and not required for category auth
in /etc/pam.d/system-auth, otherwise it does not work.

This I see in the log message.

Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication failure
Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root

Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.

/etc/pam.d/system-auth:
auth    required    pam_env.so
auth    sufficient   pam_rsbac.so
#auth  required	pam_rsbac.so try_first_pass likeauth nullok
auth    required    pam_deny.so

account required    pam_rsbac.so
account optional    pam_permit.so

password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
password    required	pam_rsbac.so
password    required    pam_deny.so

session required    pam_limits.so
session required    pam_env.so
session required    pam_rsbac.so
session optional    pam_permit.so

/etc/nsswitch.conf:
passwd:     rsbac
shadow:     rsbac
group:      rsbac

kernel-configuration for um:
CONFIG_RSBAC_UM=y
CONFIG_RSBAC_UM_DIGEST=y
CONFIG_RSBAC_UM_USER_MIN=2000
CONFIG_RSBAC_UM_GROUP_MIN=2000
CONFIG_RSBAC_UM_EXCL=y
CONFIG_RSBAC_UM_MIN_PASS_LEN=6
CONFIG_RSBAC_UM_NON_ALPHA=y
CONFIG_RSBAC_UM_PWHISTORY=y
CONFIG_RSBAC_UM_PWHISTORY_MAX=8
CONFIG_RSBAC_UM_ONETIME=y
CONFIG_RSBAC_UM_ONETIME_MAX=100
CONFIG_RSBAC_UM_VIRTUAL=y
CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
CONFIG_RSBAC_AUTH_UM_PROT=y
CONFIG_RSBAC_ACL_UM_PROT=y
CONFIG_RSBAC_FF_UM_PROT=y

Regards
Jens
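
Added example, not part of the original post and not RSBAC or Linux-PAM code: a simplified model of the PAM control flags (required, requisite, sufficient, optional) applied to the auth lines posted above, with a constructed variant in which pam_rsbac.so is "required". The module results are assumptions: pam_rsbac.so accepts the password, pam_env.so is ignored in the auth stack, and pam_deny.so always fails.

```python
# Added illustration: simplified model of Linux-PAM control flags (pam.conf(5)).
# Module results are assumed inputs; no real authentication is performed.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"

# The auth lines as posted (pam_rsbac.so is "sufficient").
POSTED = """\
auth    required    pam_env.so
auth    sufficient  pam_rsbac.so
#auth  required pam_rsbac.so try_first_pass likeauth nullok
auth    required    pam_deny.so
"""
# Constructed variant: same stack with pam_rsbac.so switched to "required".
VARIANT = POSTED.replace("sufficient  pam_rsbac.so", "required    pam_rsbac.so")

def parse_stack(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def evaluate(stack, results):
    """Combine module results the way the four classic control flags do."""
    required_failed = False
    any_success = False
    for control, module in stack:
        result = results[module]
        if result == IGNORE:
            continue                      # module does not influence the outcome
        if result == SUCCESS:
            if control == "sufficient" and not required_failed:
                return SUCCESS            # stop here, later modules never run
            any_success = True
        elif control == "requisite":
            return FAIL                   # fail immediately
        elif control == "required":
            required_failed = True        # remember the failure, keep going
        # a failing "sufficient" or "optional" module is not fatal
    return SUCCESS if any_success and not required_failed else FAIL

# Assumed results for a correct password; pam_deny.so always fails by design.
GOOD_PASSWORD = {"pam_env.so": IGNORE, "pam_rsbac.so": SUCCESS, "pam_deny.so": FAIL}

if __name__ == "__main__":
    for name, text in (("posted", POSTED), ("variant", VARIANT)):
        print(name, evaluate(parse_stack(text), GOOD_PASSWORD))
```

Under these assumptions the posted stack returns at pam_rsbac.so, while the variant always continues to the trailing "required pam_deny.so" line.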




