[rsbac] UM

Gergely Lónyai aleph at mandriva.org
Mon Jan 17 07:51:33 CET 2011


> -------- Original Message --------
> Subject: [rsbac] UM
> From: Jens Kasten <igraltist at rsbac.org>
> Date: Sun, January 16, 2011 10:20 am
> To: rsbac-mailing-list <rsbac at rsbac.org>
> 
> 
> Hi list,
> 
> I am using UM for user authentication.
> 
> I must set sufficient and not required for category auth
> in /etc/pam.d/system-auth, otherwise it does not work.
> 
> This I see in the log message.
> 
> Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication failure
> Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
> 
> Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
> 
> /etc/pam.d/system-auth:
> auth    required    pam_env.so
> auth    sufficient   pam_rsbac.so
> #auth  required	pam_rsbac.so try_first_pass likeauth nullok
> auth    required    pam_deny.so
> 
> account required    pam_rsbac.so
> account optional    pam_permit.so
> 
> password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
> password    required	pam_rsbac.so
> password    required    pam_deny.so
> 
> session required    pam_limits.so
> session required    pam_env.so
> session required    pam_rsbac.so
> session optional    pam_permit.so
> 
> /etc/nsswitch.conf:
> passwd:     rsbac
> shadow:     rsbac
> group:      rsbac
> 
> kernel-configuration for um:
> CONFIG_RSBAC_UM=y
> CONFIG_RSBAC_UM_DIGEST=y
> CONFIG_RSBAC_UM_USER_MIN=2000
> CONFIG_RSBAC_UM_GROUP_MIN=2000
> CONFIG_RSBAC_UM_EXCL=y
> CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> CONFIG_RSBAC_UM_NON_ALPHA=y
> CONFIG_RSBAC_UM_PWHISTORY=y
> CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> CONFIG_RSBAC_UM_ONETIME=y
> CONFIG_RSBAC_UM_ONETIME_MAX=100
> CONFIG_RSBAC_UM_VIRTUAL=y
> CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> CONFIG_RSBAC_AUTH_UM_PROT=y
> CONFIG_RSBAC_ACL_UM_PROT=y
> CONFIG_RSBAC_FF_UM_PROT=y
> 
> Regards
> Jens
> 
Hi,

Did you set up root's password after the user import with rsbac_passwd?

Aleph


