[rsbac] UM
Gergely Lónyai
aleph at mandriva.org
Mon Jan 17 07:51:33 CET 2011
> -------- Original Message --------
> Subject: [rsbac] UM
> From: Jens Kasten <igraltist at rsbac.org>
> Date: Sun, January 16, 2011 10:20 am
> To: rsbac-mailing-list <rsbac at rsbac.org>
>
>
> Hi list,
>
> I am using UM for user authentification.
>
> I must set sufficient and not required for categorie auth
> in /etc/pam.d/system-auth otherwise it does not work.
>
> This I see in the log message.
>
> Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication
> failure
> Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
>
> Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
>
> /etc/pamd.d/system-auth:
> auth required pam_env.so
> auth sufficient pam_rsbac.so
> #auth required pam_rsbac.so try_first_pass likeauth nullok
> auth required pam_deny.so
>
> account required pam_rsbac.so
> account optional pam_permit.so
>
> password required pam_cracklib.so difok=2 minlen=8 dcredit=2
> ocredit=2 try_first_pass retry=3
> password required pam_rsbac.so
> password required pam_deny.so
>
> session required pam_limits.so
> session required pam_env.so
> session required pam_rsbac.so
> session optional pam_permit.so
>
> /etc/nsswitch.conf:
> passwd: rsbac
> shadow: rsbac
> group: rsbac
>
> kernel-configuration for um:
> CONFIG_RSBAC_UM=y
> CONFIG_RSBAC_UM_DIGEST=y
> CONFIG_RSBAC_UM_USER_MIN=2000
> CONFIG_RSBAC_UM_GROUP_MIN=2000
> CONFIG_RSBAC_UM_EXCL=y
> CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> CONFIG_RSBAC_UM_NON_ALPHA=y
> CONFIG_RSBAC_UM_PWHISTORY=y
> CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> CONFIG_RSBAC_UM_ONETIME=y
> CONFIG_RSBAC_UM_ONETIME_MAX=100
> CONFIG_RSBAC_UM_VIRTUAL=y
> CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> CONFIG_RSBAC_AUTH_UM_PROT=y
> CONFIG_RSBAC_ACL_UM_PROT=y
> CONFIG_RSBAC_FF_UM_PROT=y
>
> Grüsse
> Jens
>
Hi,
Do you set up the root's password after user import with rsbac_passwd?
Aleph
More information about the rsbac
mailing list