[rsbac] nsswitch and pam configuration for UM
Palon Setin
palons at danwin1210.me
Thu Dec 13 03:46:00 CET 2018
Hi!
I have no issue compiling and installing. I'm running the latest
4.19.8-rsbac.
But I can't find any help with configuring /etc/nsswitch.conf and
/etc/pam.d/*.
The closest I found is 7 yrs old:
https://www.rsbac.org/pipermail/rsbac/2011-January/002565.html
The tips in the rsbac-admin package don't help either, they too appear
to be old.
Here's a fraction from:
$ info libc "Name Service Switch"
29.2.3 Notes on the NSS Configuration File
------------------------------------------
Finally a few more hints. ...
... The ‘passwd’, ‘group’, and ‘shadow’ databases are traditionally
handled in a special way. ... This kind of lookup remains possible if
the GNU C
Library was configured with the ‘--enable-obsolete-nsl’ option and the
special lookup service ‘compat’ is used. If the GNU C Library was
configured with the ‘--enable-obsolete-nsl’ option the default value for
the three databases above is ‘compat [NOTFOUND=return] files’. If the
‘--enable-obsolete-nsl’ option was not used the default value for the
services is ‘files’.
...
$
I'm not even in the clear which package contains /etc/nsswitch.conf in
the stock Debian install... And I have no experience compiling libc...
Is it necessary to recompile (and which package exactly of) libc with
‘--enable-obsolete-nsl’ to get the tip in the current rsbac-admin
implementable?
I have tried following what I found, in rsbac-admin, and in the page
from 2011 linked above, as well as tips from:
https://www.mad-hacking.net/documentation/linux/security/rsbac/security-migration.xml
Similarly, /etc/pamd.d/* is completely different nowadays than what can
be found in documentation.
I have these libraries, from the latest (2018-08) rsbac-admin, installed:
/lib/libnss_rsbac.a
/lib/libnss_rsbac.la
/lib/libnss_rsbac.so
/lib/libnss_rsbac.so.2
/lib/libnss_rsbac.so.2.0.0
/lib/security/pam_rsbac_oldpw.so
/lib/security/pam_rsbac.so
(which installation I think I did correctly).
Any suggestions how to solve these issues?
More information about the rsbac
mailing list