Bug 193199
| Summary: | Backport pam_ccreds module | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 3 | Reporter: | Daniel Riek <riek> |
| Component: | pam_ccreds | Assignee: | Tomas Mraz <tmraz> |
| Status: | CLOSED ERRATA | QA Contact: | Jay Turner <jturner> |
| Severity: | high | Docs Contact: | |
| Priority: | urgent | ||
| Version: | 3.0 | CC: | jwilleford, laroche, nalin, pgraner, sgrubb, srevivo |
| Target Milestone: | --- | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | PMCmmt | ||
| Fixed In Version: | RHEA-2007-0461 | Doc Type: | Enhancement |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2007-06-11 18:41:18 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 190430 | ||
|
Description
Daniel Riek
2006-05-25 23:46:42 UTC
The proper PAM (system-auth) configuration is: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so try_first_pass auth [success=done default=die] pam_ccreds.so action=validate use_first_pass auth [success=done default=die] pam_ccreds.so action=store auth [default=die] pam_ccreds.so action=update auth required pam_deny.so account required pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] pam_ldap.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok use_authtok shadow md5 password sufficient pam_ldap.so use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so So actually for RHEL3 (pam-0.75) one more adjustment is necessary, this is final PAM config: #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so likeauth nullok auth [authinfo_unavail=ignore success=1 default=2] pam_ldap.so try_first_pass auth [success=done default=die] pam_ccreds.so action=validate use_first_pass auth [success=done default=die] pam_ccreds.so action=store auth [default=die] pam_ccreds.so action=update auth required pam_deny.so account required pam_unix.so account [default=bad success=ok user_unknown=ignore service_err=ignore system_err=ignore authinfo_unavail=ignore] pam_ldap.so password required pam_cracklib.so retry=3 password sufficient pam_unix.so nullok use_authtok shadow md5 password sufficient pam_ldap.so use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_ldap.so An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2007-0461.html |