From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050416 Fedora/1.0.3-1.3.1 Firefox/1.0.3
Description of problem: The pam subsystem needs some updates for EAL4 certification.
Version-Release number of selected component (if applicable):
How reproducible: Always
Steps to Reproduce: new functionality
Additional info:
Created attachment 114523: patch to add audit enhancements
What about the pam_loginuid?
Created attachment 114571: patch to add audit enhancements
New patch that handles ECONNREFUSED
Created attachment 114572: patch that adds the loginuid module
Created attachment 114573: patch to add audit enhancements
pam_setcred was not logging anything. Fixed.
Created attachment 114594: patch to add audit enhancements
This patch adds proper support for pam_setcred.
Created attachment 114883: patch to add audit enhancements
This patch adds code for credential reinit and refresh. It also includes the audit_fd update.
Should be fixed in pam >= 0.77-66.7
Created attachment 117302: patch to add auditd requirement
This patch corrects the man page and adds a new module option that causes it to query the kernel to see if the audit daemon is running. CAPP mandates that when so configured no logins shall occur if the audit daemon is not running. Please review and apply.
It should be noted that the new patch affects only the pam_loginuid module. This bug was reported by IBM today.
The new patch is included in pam-0.77-66.10, pam errata updated.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2005-526.html