[rsbac] nsswitch and pam configuration for UM
Amon Ott
ao at rsbac.org
Thu Dec 13 08:41:32 CET 2018
Am 13.12.18 um 03:46 schrieb Palon Setin:
> I have no issue compiling and installing. I'm running the latest
> 4.19.8-rsbac.
> But I can't find any help with configuring /etc/nsswitch.conf and
> /etc/pam.d/*.
> The closest I found is 7 yrs old:
> https://www.rsbac.org/pipermail/rsbac/2011-January/002565.html
> The tips in the rsbac-admin package don't help either, they too appear
> to be old.
After you imported your existing groups and users into RSBAC UM with
rsbac_groupadd -O
rsbac_useradd -O
and set new passwords, which cannot be imported, with rsbac_passwd,
you can change the nsswitch lines
passwd: compat
group: compat
shadow: compat
to
passwd: rsbac
group: rsbac
shadow: rsbac
to let RSBAC translate between user names and uids. If you want to use
both, try
passwd: rsbac compat
group: rsbac compat
shadow: rsbac compat
In /etc/pam.d/common-auth you can replace
auth [success=1 default=ignore] pam_unix.so nullok_secure
or similar with
auth required pam_rsbac.so
to use RSBAC for authentication. common-account, common-password and
common-session are similar. If you want to fallback to passwd/shadow, try
auth sufficient pam_rsbac.so
auth [success=1 default=ignore] pam_unix.so nullok_secure
Amon.
--
http://www.rsbac.org - GnuPG: 2048g/5DEAAA30 2002-10-22
More information about the rsbac
mailing list