[rsbac] UM

Jens Kasten igraltist at rsbac.org
Mon Jan 17 09:22:49 CET 2011


On Monday, 17.01.2011, at 01:14 -0700, Gergely Lónyai wrote:
> > -------- Original Message --------
> > Subject: Re: [rsbac] UM
> > From: Jens Kasten <igraltist at rsbac.org>
> > Date: Mon, January 17, 2011 8:45 am
> > To: RSBAC Discussion and Announcements <rsbac at rsbac.org>
> > 
> > 
> > On Sunday, 16.01.2011, at 23:51 -0700, Gergely Lónyai wrote:
> > > > -------- Original Message --------
> > > > Subject: [rsbac] UM
> > > > From: Jens Kasten <igraltist at rsbac.org>
> > > > Date: Sun, January 16, 2011 10:20 am
> > > > To: rsbac-mailing-list <rsbac at rsbac.org>
> > > > 
> > > > 
> > > > Hi list,
> > > > 
> > > > I am using UM for user authentication.
> > > > 
> > > > I must set sufficient and not required for category auth
> > > > in /etc/pam.d/system-auth, otherwise it does not work.
> > > > 
> > > > This I see in the log message.
> > > > 
> > > > Jan 16 10:06:19 jaschtschik su[9778]: pam_authenticate: Authentication failure
> > > > Jan 16 10:06:19 jaschtschik su[9778]: FAILED su for root by jens
> > > > Jan 16 10:06:19 jaschtschik su[9778]: - /dev/pts/2 jens:root
> > > > 
> > > > Latest rsbac-admin-tools 1.4.5 and kernel 2.6.35.10 from git.
> > > > 
> > > > /etc/pam.d/system-auth:
> > > > auth    required    pam_env.so
> > > > auth    sufficient   pam_rsbac.so
> > > > #auth  required	pam_rsbac.so try_first_pass likeauth nullok
> > > > auth    required    pam_deny.so
> > > > 
> > > > account required    pam_rsbac.so
> > > > account optional    pam_permit.so
> > > > 
> > > > password    required    pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 try_first_pass retry=3
> > > > password    required	pam_rsbac.so
> > > > password    required    pam_deny.so
> > > > 
> > > > session required    pam_limits.so
> > > > session required    pam_env.so
> > > > session required    pam_rsbac.so
> > > > session optional    pam_permit.so
> > > > 
> > > > /etc/nsswitch.conf:
> > > > passwd:     rsbac
> > > > shadow:     rsbac
> > > > group:      rsbac
> > > > 
> > > > kernel-configuration for um:
> > > > CONFIG_RSBAC_UM=y
> > > > CONFIG_RSBAC_UM_DIGEST=y
> > > > CONFIG_RSBAC_UM_USER_MIN=2000
> > > > CONFIG_RSBAC_UM_GROUP_MIN=2000
> > > > CONFIG_RSBAC_UM_EXCL=y
> > > > CONFIG_RSBAC_UM_MIN_PASS_LEN=6
> > > > CONFIG_RSBAC_UM_NON_ALPHA=y
> > > > CONFIG_RSBAC_UM_PWHISTORY=y
> > > > CONFIG_RSBAC_UM_PWHISTORY_MAX=8
> > > > CONFIG_RSBAC_UM_ONETIME=y
> > > > CONFIG_RSBAC_UM_ONETIME_MAX=100
> > > > CONFIG_RSBAC_UM_VIRTUAL=y
> > > > CONFIG_RSBAC_UM_VIRTUAL_ISOLATE=y
> > > > CONFIG_RSBAC_AUTH_UM_PROT=y
> > > > CONFIG_RSBAC_ACL_UM_PROT=y
> > > > CONFIG_RSBAC_FF_UM_PROT=y
> > > > 
> > > > Regards
> > > > Jens
> > > > 
> > > Hi,
> > > 
> > > Do you set up the root's password after user import with rsbac_passwd?
> > 
> > Yes I have. I have removed the files passwd, group, and shadow.
> > 
> 
> No, I did not speak it. Do you update the rsbac passwords with the rsbac
> tool? The user import does not import the old password. The rsbac
> password encoder is not compatible with the PAM password storage.

You mean, rsbac_passwd -n root?
The passwords are added with this.


> Aleph

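An added example, not part of the original thread and not RSBAC or Linux-PAM code: a simplified Python model of Linux-PAM control flags, applied to the `auth` lines posted above with `pam_rsbac.so` set to `sufficient` and to `required`. Module results are inputs to the model (assumed: `pam_env.so` does not fail in the auth stack; `pam_deny.so` always fails), and module options are ignored.

```python
# Simplified model of Linux-PAM control flags for one stack ("auth").
# Module results are inputs to the model; no real PAM module is called.
SUCCESS, FAIL, IGNORE = "success", "fail", "ignore"

def run_stack(stack, results):
    """stack: list of (control, module). results: module -> outcome.
    Returns True when the stack as a whole would authenticate."""
    required_failed = False
    any_success = False
    for control, module in stack:
        outcome = results[module]
        if outcome == IGNORE or control == "optional":
            continue  # simplification: optional lines never decide the result
        if outcome == FAIL:
            if control == "requisite":
                return False            # fail at once
            if control == "required":
                required_failed = True  # remembered; later lines still run
            # a failing "sufficient" module is ignored
        else:
            if control == "sufficient" and not required_failed:
                return True             # stop here; later lines are skipped
            any_success = True
    return any_success and not required_failed

# The auth lines from the post (module options omitted).
AUTH_SUFFICIENT = [("required", "pam_env.so"),
                   ("sufficient", "pam_rsbac.so"),
                   ("required", "pam_deny.so")]
# Same stack with pam_rsbac.so switched to "required".
AUTH_REQUIRED = [("required" if m == "pam_rsbac.so" else c, m)
                 for c, m in AUTH_SUFFICIENT]

def verdict(stack, rsbac_outcome):
    results = {
        "pam_env.so": IGNORE,        # assumption: does not fail in auth
        "pam_deny.so": FAIL,         # pam_deny.so always fails
        "pam_rsbac.so": rsbac_outcome,
    }
    return run_stack(stack, results)

if __name__ == "__main__":
    for name, stack in (("sufficient", AUTH_SUFFICIENT),
                        ("required", AUTH_REQUIRED)):
        for outcome in (SUCCESS, FAIL):
            print(name, "pam_rsbac.so", outcome, "->", verdict(stack, outcome))
```

In this model the `required` variant is rejected even when `pam_rsbac.so` accepts the password, because the trailing `required pam_deny.so` line is always reached.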