[rsbac] UM
Jens Kasten
igraltist at rsbac.org
Sun Jan 16 10:20:54 CET 2011
Hi list,
I am using UM for user authentification.
I must set sufficient and not required for categorie auth
in /etc/pam.d/system-auth otherwise it does not work.
This I see in the log message.
Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication
failure
Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
/etc/pamd.d/system-auth:
auth required pam_env.so
auth sufficient pam_rsbac.so
#auth required pam_rsbac.so try_first_pass likeauth nullok
auth required pam_deny.so
account required pam_rsbac.so
account optional pam_permit.so
password required pam_cracklib.so difok=2 minlen=8 dcredit=2
ocredit=2 try_first_pass retry=3
password required pam_rsbac.so
password required pam_deny.so
session required pam_limits.so
session required pam_env.so
session required pam_rsbac.so
session optional pam_permit.so
/etc/nsswitch.conf:
passwd: rsbac
shadow: rsbac
group: rsbac
kernel-configuration for um:
CONFIG_RSBAC_UM=y
CONFIG_RSBAC_UM_DIGEST=y
CONFIG_RSBAC_UM_USER_MIN=2000
CONFIG_RSBAC_UM_GROUP_MIN=2000
CONFIG_RSBAC_UM_EXCL=y
CONFIG_RSBAC_UM_MIN_PASS_LEN=6
CONFIG_RSBAC_UM_NON_ALPHA=y
CONFIG_RSBAC_UM_PWHISTORY=y
CONFIG_RSBAC_UM_PWHISTORY_MAX=8
CONFIG_RSBAC_UM_ONETIME=y
CONFIG_RSBAC_UM_ONETIME_MAX=100
CONFIG_RSBAC_UM_VIRTUAL=y
CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
CONFIG_RSBAC_AUTH_UM_PROT=y
CONFIG_RSBAC_ACL_UM_PROT=y
CONFIG_RSBAC_FF_UM_PROT=y
Grüsse
Jens
More information about the rsbac
mailing list