Bug 20525 - PAM configs should make the nologin module requisite
Summary: PAM configs should make the nologin module requisite
Status: CLOSED DUPLICATE of bug 17183
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: rsh   
(Show other bugs)
Version: 6.2
Hardware: i386
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: David Lawrence
URL:
Whiteboard:
Keywords: FutureFeature
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2000-11-08 15:59 UTC by John Bollinger
Modified: 2007-04-18 16:29 UTC (History)
0 users

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-11-08 15:59:56 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

Description John Bollinger 2000-11-08 15:59:53 UTC
The PAM config files for rsh, rlogin, and rexec should all have the nologin module at the top of the authentication stack,
with control flag "requisite."  The contents of the nologin file will be displayed in any case (with the default configs), so
moving the module to the top of the stack in no way increases security exposure.  Putting that module at the top and
making it requisite, however, does reduce the nuisance value of being prompted for a password when access will in any
case assuredly be denied.  It furthermore is a minor security gain for rexec and sometimes rlogin because no password
will ever be sent across the network when because of the nologin module there is no chance that access will be granted.

Comment 1 Phil Knirsch 2001-06-16 15:15:48 UTC
Fixed for current release (RH 7.1).

Read ya, Phil

*** This bug has been marked as a duplicate of 17183 ***


Note You need to log in before you can comment on or make changes to this bug.