Bug 20525

Summary: PAM configs should make the nologin module requisite
Product: [Retired] Red Hat Linux Reporter: John Bollinger <jobollin>
Component: rshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED DUPLICATE QA Contact: David Lawrence <dkl>
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-11-08 15:59:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Bollinger 2000-11-08 15:59:53 UTC 
The PAM config files for rsh, rlogin, and rexec should all have the nologin module at the top of the authentication stack,
with control flag "requisite."  The contents of the nologin file will be displayed in any case (with the default configs), so
moving the module to the top of the stack in no way increases security exposure.  Putting that module at the top and
making it requisite, however, does reduce the nuisance value of being prompted for a password when access will in any
case assuredly be denied.  It furthermore is a minor security gain for rexec and sometimes rlogin because no password
will ever be sent across the network when because of the nologin module there is no chance that access will be granted.
Comment 1 Phil Knirsch 2001-06-16 15:15:48 UTC 
Fixed for current release (RH 7.1).

Read ya, Phil

*** This bug has been marked as a duplicate of 17183 ***