[rsbac] UM
Jens Kasten
igraltist at rsbac.org
Mon Jan 17 09:22:49 CET 2011
Am Montag, den 17.01.2011, 01:14 -0700 schrieb Gergely Lónyai:
> > -------- Original Message --------
> > Subject: Re: [rsbac] UM
> > From: Jens Kasten <igraltist at rsbac.org>
> > Date: Mon, January 17, 2011 8:45 am
> > To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
> >
> >
> > Am Sonntag, den 16.01.2011, 23:51 -0700 schrieb Gergely Lónyai:
> > > > -------- Original Message --------
> > > > Subject: [rsbac] UM
> > > > From: Jens Kasten <igraltist at rsbac.org>
> > > > Date: Sun, January 16, 2011 10:20 am
> > > > To: rsbac-mailing-list <rsbac at rsbac.org>
> > > >
> > > >
> > > > Hi list,
> > > >
> > > > I am using UM for user authentification.
> > > >
> > > > I must set sufficient and not required for categorie auth
> > > > in /etc/pam.d/system-auth otherwise it does not work.
> > > >
> > > > This I see in the log message.
> > > >
> > > > Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication
> > > > failure
> > > > Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> > > > Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
> > > >
> > > > Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
> > > >
> > > > /etc/pamd.d/system-auth:
> > > > auth required pam_env.so
> > > > auth sufficient pam_rsbac.so
> > > > #auth required pam_rsbac.so try_first_pass likeauth nullok
> > > > auth required pam_deny.so
> > > >
> > > > account required pam_rsbac.so
> > > > account optional pam_permit.so
> > > >
> > > > password required pam_cracklib.so difok=2 minlen=8 dcredit=2
> > > > ocredit=2 try_first_pass retry=3
> > > > password required pam_rsbac.so
> > > > password required pam_deny.so
> > > >
> > > > session required pam_limits.so
> > > > session required pam_env.so
> > > > session required pam_rsbac.so
> > > > session optional pam_permit.so
> > > >
> > > > /etc/nsswitch.conf:
> > > > passwd: rsbac
> > > > shadow: rsbac
> > > > group: rsbac
> > > >
> > > > kernel-configuration for um:
> > > > CONFIG_RSBAC_UM=y
> > > > CONFIG_RSBAC_UM_DIGEST=y
> > > > CONFIG_RSBAC_UM_USER_MIN=2000
> > > > CONFIG_RSBAC_UM_GROUP_MIN=2000
> > > > CONFIG_RSBAC_UM_EXCL=y
> > > > CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> > > > CONFIG_RSBAC_UM_NON_ALPHA=y
> > > > CONFIG_RSBAC_UM_PWHISTORY=y
> > > > CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> > > > CONFIG_RSBAC_UM_ONETIME=y
> > > > CONFIG_RSBAC_UM_ONETIME_MAX=100
> > > > CONFIG_RSBAC_UM_VIRTUAL=y
> > > > CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> > > > CONFIG_RSBAC_AUTH_UM_PROT=y
> > > > CONFIG_RSBAC_ACL_UM_PROT=y
> > > > CONFIG_RSBAC_FF_UM_PROT=y
> > > >
> > > > Grüsse
> > > > Jens
> > > >
> > > Hi,
> > >
> > > Do you set up the root's password after user import with rsbac_passwd?
> >
> > Yes I have. I have removed the files passwd, group, and shadow.
> >
>
> No, I did not speak it. Do you update the rsbac passwords with rsbac
> tool? The user import does not import the old password. The rsbac
> password encoder not compatible the pam password storage.
You mean, rsbac_passwd -n root?
The password's are added with this.
> Aleph
>
> _______________________________________________
> rsbac mailing list
> rsbac at rsbac.org
> http://www.rsbac.org/mailman/listinfo/rsbac
More information about the rsbac
mailing list