[rsbac] UM

Gergely Lónyai gergely at lonyai.com
Mon Jan 17 09:14:19 CET 2011


> -------- Original Message --------
> Subject: Re: [rsbac] UM
> From: Jens Kasten <igraltist at rsbac.org>
> Date: Mon, January 17, 2011 8:45 am
> To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
> 
> 
> On Sunday, 16.01.2011, at 23:51 -0700, Gergely Lónyai wrote:
> > > -------- Original Message --------
> > > Subject: [rsbac] UM
> > > From: Jens Kasten <igraltist at rsbac.org>
> > > Date: Sun, January 16, 2011 10:20 am
> > > To: rsbac-mailing-list <rsbac at rsbac.org>
> > > 
> > > 
> > > Hi list,
> > > 
> > > I am using UM for user authentication.
> > > 
> > > I must set sufficient and not required for category auth
> > > in /etc/pam.d/system-auth, otherwise it does not work.
> > > 
> > > This I see in the log message.
> > > 
> > > Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication failure
> > > Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> > > Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
> > > 
> > > Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
> > > 
> > > /etc/pam.d/system-auth:
> > > auth    required    pam_env.so
> > > auth    sufficient   pam_rsbac.so
> > > #auth  required	pam_rsbac.so try_first_pass likeauth nullok
> > > auth    required    pam_deny.so
> > > 
> > > account required    pam_rsbac.so
> > > account optional    pam_permit.so
> > > 
> > > password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
> > > password    required	pam_rsbac.so
> > > password    required    pam_deny.so
> > > 
> > > session required    pam_limits.so
> > > session required    pam_env.so
> > > session required    pam_rsbac.so
> > > session optional    pam_permit.so
> > > 
> > > /etc/nsswitch.conf:
> > > passwd:     rsbac
> > > shadow:     rsbac
> > > group:      rsbac
> > > 
> > > kernel-configuration for um:
> > > CONFIG_RSBAC_UM=y
> > > CONFIG_RSBAC_UM_DIGEST=y
> > > CONFIG_RSBAC_UM_USER_MIN=2000
> > > CONFIG_RSBAC_UM_GROUP_MIN=2000
> > > CONFIG_RSBAC_UM_EXCL=y
> > > CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> > > CONFIG_RSBAC_UM_NON_ALPHA=y
> > > CONFIG_RSBAC_UM_PWHISTORY=y
> > > CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> > > CONFIG_RSBAC_UM_ONETIME=y
> > > CONFIG_RSBAC_UM_ONETIME_MAX=100
> > > CONFIG_RSBAC_UM_VIRTUAL=y
> > > CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> > > CONFIG_RSBAC_AUTH_UM_PROT=y
> > > CONFIG_RSBAC_ACL_UM_PROT=y
> > > CONFIG_RSBAC_FF_UM_PROT=y
> > > 
> > > Regards
> > > Jens
> > > 
> > Hi,
> > 
> > Did you set up root's password after the user import with rsbac_passwd?
> 
> Yes, I have. I have removed the files passwd, group, and shadow.
> 

No, I was not talking about that. Did you update the rsbac passwords with
the rsbac tool? The user import does not import the old password. The rsbac
password encoder is not compatible with the pam password storage.

Aleph
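
An added example (not part of the thread, and not RSBAC or Linux-PAM code): a simplified model of how the PAM control flags in the auth stack quoted above are evaluated, comparing the posted `sufficient` line with the commented-out `required` variant. The module outcomes are constructed inputs; treating pam_env.so as returning "ignore" in the auth phase is an assumption of the model.

```python
# Added example: simplified model of Linux-PAM control-flag evaluation.
PAGE_AUTH = """\
auth    required    pam_env.so
auth    sufficient   pam_rsbac.so
#auth  required	pam_rsbac.so try_first_pass likeauth nullok
auth    required    pam_deny.so
"""
# Constructed variant: pam_rsbac.so marked 'required' instead of 'sufficient'.
REQUIRED_AUTH = PAGE_AUTH.replace("sufficient", "required")

def parse_stack(text, facility="auth"):
    """Return [(control, module)] for one facility, skipping comments."""
    stack = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == facility:
            stack.append((fields[1], fields[2]))
    return stack

def outcomes(password_accepted):
    """Constructed module results: pam_deny.so always fails by design."""
    return {"pam_env.so": "ignore",   # assumption for the auth phase
            "pam_rsbac.so": "ok" if password_accepted else "fail",
            "pam_deny.so": "fail"}

def evaluate(stack, results):
    """Return True if the stack as a whole reports success."""
    failed = succeeded = False
    optional_ok = None
    for control, module in stack:
        result = results[module]
        if result == "ignore":
            continue
        ok = result == "ok"
        if control == "optional":
            optional_ok = ok if optional_ok is None else optional_ok
        elif ok:
            if control == "sufficient" and not failed:
                return True       # stack stops; later modules never run
            succeeded = True
        elif control == "requisite":
            return False          # fail immediately
        elif control == "required":
            failed = True         # remember failure, keep running the stack
        # a failed 'sufficient' module is ignored
    return False if failed else (succeeded or bool(optional_ok))

if __name__ == "__main__":
    for name, cfg in (("sufficient", PAGE_AUTH), ("required", REQUIRED_AUTH)):
        for accepted in (True, False):
            print(name, accepted, evaluate(parse_stack(cfg), outcomes(accepted)))
```

In this model the `required` variant fails even when pam_rsbac.so accepts the password, because the trailing `required pam_deny.so` is still evaluated; with `sufficient`, a pam_rsbac.so success ends the stack before pam_deny.so runs.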


