Bug 230120 - LSPP: Not able to log into the machine with large number of categories
LSPP: Not able to log into the machine with large number of categories
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
David Lawrence
:
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
 
Reported: 2007-02-26 13:56 EST by Tomas Mraz
Modified: 2010-10-22 09:21 EDT (History)
4 users (show)

See Also:
Fixed In Version: RHSA-2007-0555
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 10:40:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Tomas Mraz 2007-02-26 13:56:11 EST
+++ This bug was initially created as a clone of Bug #228398 +++

Description of problem:
I don't know if this belongs here or not.  Let me know what you want me to do. 
I have found there is a limit to the number of categories that you ssh in with.
 i.e. the first example works, the second example with one more category does
not. (I have update to the latest level of mctrans)

[root/abat_r/SystemLow@KWUSER1 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Could not create directory '/root/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 49:f5:9f:53:f1:aa:76:cf:59:dd:7a:6f:eb:b2:b9:e9.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/root/.ssh/known_hosts).
Password:
Last login: Tue Feb 13 15:17:46 2007 from kwuser1.endicott.ibm.com
[testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER1
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER1 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Could not create directory '/root/.ssh'.
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 49:f5:9f:53:f1:aa:76:cf:59:dd:7a:6f:eb:b2:b9:e9.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/root/.ssh/known_hosts).
Password:
Last login: Tue Feb 13 15:18:02 2007 from kwuser1.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER1 framework]#


-- Additional comment from linda.knippers@hp.com on 2007-02-13 16:23 EST --
I've seen the error before:
Could not create directory '/root/.ssh'.

I think its because /root and its contents don't have the right context.
If you do a 'restorecon -v -R /root' you might have better luck.

-- Additional comment from linda.knippers@hp.com on 2007-02-13 16:25 EST --
Actually, that doesn't explain the difference in behavior that you see but
I think it explains some of the error messages.

-- Additional comment from kylene@us.ibm.com on 2007-02-13 16:38 EST --
The issue isn't about the /root/.ssh.  I am not able to login with many
categories.  Notice that the example where the category list goes up to 105
succeeds but the list that goes up to 107 fails.

-- Additional comment from dwalsh@redhat.com on 2007-02-13 17:20 EST --
This seems wierd.  Are you sure you sshd is running with the correct context. 
Why would a testuser be trying to update /root/.ssh?

I have successfully logged in with

 ssh
root/sysadm_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c108,c109,c110,c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c308,c309,c310,c311,c411,c413@xxy
root/sysadm_r/s5:c1,c3,c5,c7,c@xxy's password: 
Last login: Tue Feb 13 17:04:36 2007 from dhcp-10-12-33-199.boston.devel.redhat.com
[root@xxy ~]# id
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=root:sysadm_r:sysadm_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107.c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307.c311,c411,c413

But it soon breaks after that.  Of course this is an evil test.  :^)


-- Additional comment from kylene@us.ibm.com on 2007-02-13 17:46 EST --
Sorry to cause the confusion with the /root/.ssh it was just a label problem. 
For our tests we ssh in as a user and the /bin/su - to root and run our
frameworks from there.  I have retested on another machine just to make sure I
am not crazy.  This is on an s390x installed today with the latest RC, kickstart
and lspp rpm along with updating all the packages on dwalsh people page repo and
the kernel to lspp.64.  Here are the results I get (I can't test as root do to
the lspp config):

[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c108,c109,c110,c111,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c308,c309,c310,c311,c411,c413@localhost
Password:
Last login: Tue Feb 13 16:25:39 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password: Last login: Tue Feb 13 16:40:41 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Password:
Last login: Tue Feb 13 16:41:09 2007 from kwuser2.endicott.ibm.com
[testuser/user_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER3
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
Password:
Last login: Tue Feb 13 16:28:02 2007 from sig-9-76-206-16.mts.ibm.com
[ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@KWUSER3
~]$ exit
logout
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]# ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password:
Last login: Tue Feb 13 16:41:45 2007 from kwuser2.endicott.ibm.com
Connection to localhost closed.
[root/abat_r/SystemLow@KWUSER3 framework]#

You call the test case evil but the original testcase was trying to specify all
the odd categories up to 1023.  This was simply pairing down to where the
failure point is.



-- Additional comment from dwalsh@redhat.com on 2007-02-14 09:36 EST --
The question is whether the test case is realistic.  IE We can go in and try to
figure  out what the problem is.  or is the size of this enough to get 

I have run some tests on mcstrans and libselinux and it seems to handle much
larger data than this, so I think this might be a openssh problem.

-- Additional comment from dwalsh@redhat.com on 2007-02-14 09:38 EST --
Basically running a test with 1024 categories works with the latest mcstrans.

-- Additional comment from kylene@us.ibm.com on 2007-02-14 14:21 EST --
I tried the ssh on another platform (ppc64) to get another data point.  I had
the same results as the s390x.

[ealuser/staff_r/SystemLow@hvracer3 ~]$ ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
RSA key fingerprint is 2f:7d:54:30:69:db:d1:5b:8f:68:a4:56:05:73:dd:c0.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (RSA) to the list of known hosts.
Password:
Last login: Wed Feb 14 13:14:52 2007 from sig-9-65-34-127.mts.ibm.com
[ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105@hvracer3
~]$ exit
logout
Connection to localhost closed.
[ealuser/staff_r/SystemLow@hvracer3 ~]$ ssh
ealuser/staff_r/s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107@localhost
Password:
Last login: Wed Feb 14 13:17:02 2007 from localhost.localdomain
Connection to localhost closed.

-- Additional comment from klausk@br.ibm.com on 2007-02-15 13:18 EST --
the problem is the filesystem's filename size limit (polyinstantiation attacks
again). With the above testcase, check /var/log/secure:

Feb 15 09:12:30 zaphod sshd[2160]: pam_namespace(sshd:session): Error creating
/home/home.inst/staff_u:object_r:staff_home_dir_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c109,c111_ealuser,
File name too long

If I use a user which is not polyinst (add it to /etc/security/namespace.conf),
I can successfully log-in with:

[root@zaphod framework]# ssh
abat//s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c109,c111,c113,c115,c117,c119,c121,c123,c125,c127,c129,c131,c133,c135,c137,c139,c141,c143,c145,c147,c149,c151,c153,c155,c157,c159,c161,c163,c165,c167,c169,c171,c173,c175,c177,c179,c181,c183,c185,c187,c189,c191,c193,c195,c197,c199,c201,c203,c205,c207,c209,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c309,c311,c313,c315,c317,c319,c321,c323,c325,c327,c329,c331,c333,c335,c337,c339,c341,c343,c345,c347,c349,c351,c353,c355,c357,c359,c361,c363,c365,c367,c369,c371,c373,c375,c377,c379,c381,c383,c385,c387,c389,c391,c393,c395,c397,c399,c401,c403,c405,c407,c409,c411,c413,c415,c417,c419,c421,c423,c425,c427,c429,c431,c433,c435,c437,c439,c441,c443,c445,c447,c449,c451,c453,c455,c457,c459,c461,c463,c465,c467,c469,c471,c473,c475,c477,c479,c481,c483,c485,c487,c489,c491,c493,c495,c497,c499,c501,c503,c505,c507,c509,c511,c513,c515,c517,c519,c521,c523,c525,c527,c529,c531,c533,c535,c537,c539,c541,c543,c545,c547,c549,c551,c553,c555,c557,c559,c561,c563,c565,c567,c569,c571,c573,c575,c577,c579,c581,c583,c585,c587,c589,c591,c593,c595,c597,c599,c601,c603,c605,c607,c609,c611,c613,c615,c617,c619,c621,c623,c625,c627,c629,c631,c633,c635,c637,c639,c641,c643,c645,c647,c649,c651,c653,c655,c657,c659,c661,c663,c665,c667,c669,c671,c673,c675,c677,c679,c681,c683,c685,c687,c689,c691,c693,c695,c697,c699,c701,c703,c705,c707,c709,c711,c713,c715,c717,c719,c721,c723,c725,c727,c729,c731,c733,c735,c737,c739,c741,c743,c745,c747,c749,c751,c753,c755,c757,c759,c761,c763,c765,c767,c769,c771,c773,c775,c777,c779,c781,c783,c785,c787,c789,c791,c793,c795,c797,c799,c801,c803,c805,c807,c809,c811,c813,c815,c817,c819,c821,c823,c825,c827,c829,c831,c833,c835,c837,c839,c841,c843,c845,c847,c849,c851,c853,c855,c857,c859,c861,c863,c865,c867,c869,c871,c873,c875,c877,c879,c881,c883,c885,c887,c889,c891,c893,c895,c897,c899,c901,c903,c905,c907,c909,c911,c913,c915,c917,c919,c921,c923,c925,c927,c929,c931,c933,c935,c937,c939,c941,c943,c945,c947,c949,c951,c953,c955,c957,c959,c961,c963,c965,c967,c969,c971,c973,c975,c977,c979,c981,c983,c985,c987,c989,c991,c993,c995,c997,c999,c1001,c1003,c1005,c1007,c1009,c1011,c1013,c1015,c1017,c1019,c1021,c1023@localhost
Password:
Last login: Thu Feb 15 10:04:22 2007 from localhost.localdomain
[abat@zaphod ~]$ id
uid=502(abat) gid=502(abat) groups=10(wheel),502(abat)
context=abat_u:abat_r:abat_t:s5:c1,c3,c5,c7,c9,c11,c13,c15,c17,c19,c21,c23,c25,c27,c29,c31,c33,c35,c37,c39,c41,c43,c45,c47,c49,c51,c53,c55,c57,c59,c61,c63,c65,c67,c69,c71,c73,c75,c77,c79,c81,c83,c85,c87,c89,c91,c93,c95,c97,c99,c101,c103,c105,c107,c109,c111,c113,c115,c117,c119,c121,c123,c125,c127,c129,c131,c133,c135,c137,c139,c141,c143,c145,c147,c149,c151,c153,c155,c157,c159,c161,c163,c165,c167,c169,c171,c173,c175,c177,c179,c181,c183,c185,c187,c189,c191,c193,c195,c197,c199,c201,c203,c205,c207,c209,c211,c213,c215,c217,c219,c221,c223,c225,c227,c229,c231,c233,c235,c237,c239,c241,c243,c245,c247,c249,c251,c253,c255,c257,c259,c261,c263,c265,c267,c269,c271,c273,c275,c277,c279,c281,c283,c285,c287,c289,c291,c293,c295,c297,c299,c301,c303,c305,c307,c309,c311,c313,c315,c317,c319,c321,c323,c325,c327,c329,c331,c333,c335,c337,c339,c341,c343,c345,c347,c349,c351,c353,c355,c357,c359,c361,c363,c365,c367,c369,c371,c373,c375,c377,c379,c381,c383,c385,c387,c389,c391,c393,c395,c397,c399,c401,c403,c405,c407,c409,c411,c413,c415,c417,c419,c421,c423,c425,c427,c429,c431,c433,c435,c437,c439,c441,c443,c445,c447,c449,c451,c453,c455,c457,c459,c461,c463,c465,c467,c469,c471,c473,c475,c477,c479,c481,c483,c485,c487,c489,c491,c493,c495,c497,c499,c501,c503,c505,c507,c509,c511,c513,c515,c517,c519,c521,c523,c525,c527,c529,c531,c533,c535,c537,c539,c541,c543,c545,c547,c549,c551,c553,c555,c557,c559,c561,c563,c565,c567,c569,c571,c573,c575,c577,c579,c581,c583,c585,c587,c589,c591,c593,c595,c597,c599,c601,c603,c605,c607,c609,c611,c613,c615,c617,c619,c621,c623,c625,c627,c629,c631,c633,c635,c637,c639,c641,c643,c645,c647,c649,c651,c653,c655,c657,c659,c661,c663,c665,c667,c669,c671,c673,c675,c677,c679,c681,c683,c685,c687,c689,c691,c693,c695,c697,c699,c701,c703,c705,c707,c709,c711,c713,c715,c717,c719,c721,c723,c725,c727,c729,c731,c733,c735,c737,c739,c741,c743,c745,c747,c749,c751,c753,c755,c757,c759,c761,c763,c765,c767,c769,c771,c773,c775,c777,c779,c781,c783,c785,c787,c789,c791,c793,c795,c797,c799,c801,c803,c805,c807,c809,c811,c813,c815,c817,c819,c821,c823,c825,c827,c829,c831,c833,c835,c837,c839,c841,c843,c845,c847,c849,c851,c853,c855,c857,c859,c861,c863,c865,c867,c869,c871,c873,c875,c877,c879,c881,c883,c885,c887,c889,c891,c893,c895,c897,c899,c901,c903,c905,c907,c909,c911,c913,c915,c917,c919,c921,c923,c925,c927,c929,c931,c933,c935,c937,c939,c941,c943,c945,c947,c949,c951,c953,c955,c957,c959,c961,c963,c965,c967,c969,c971,c973,c975,c977,c979,c981,c983,c985,c987,c989,c991,c993,c995,c997,c999,c1001,c1003,c1005,c1007,c1009,c1011,c1013,c1015,c1017,c1019,c1021,c1023
[abat@zaphod ~]$ 


-- Additional comment from sgrubb@redhat.com on 2007-02-15 13:47 EST --
What needs to happen is that both pam and sshd need to check if the basename of
the file/dir is < NAME_MAX from limits.h and that the whole path is < PATH_MAX.
It  could possibly change to a hashed name if this limit is violated. I think
the original namespace patch used hashes but this was dropped for readibility.
So, maybe we should have readability until we hit the NAME_MAX limit and then
switch to cryptic dir names.
Comment 1 Tomas Mraz 2007-02-26 14:40:17 EST
Here is my idea how to correct this and also resolve
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=227345.

We will define some arbitrary limit on the directory name. I propose 80
characters as I don't think full context is too useful in case it is much larger
than what fits on the screen with ls output. And we will replace the rest of the
context name with hash value of the whole context. We will also replace all
non-alphanumeric characters which are not ':.,-' with '_' and if this
translation happens we will also append the hash value of the untranslated
context to guard against any ambiguities in the translated context names.
Comment 2 Tomas Mraz 2007-02-26 15:38:18 EST
Please ignore the second part (about non-alphanumeric characters in names) as it
was already decided to use raw context names which cannot contain characters
unsuitable for filenames.
Comment 3 Tomas Mraz 2007-02-26 19:29:19 EST
Fixed in pam-0.99.6.2-17.el5 in dist-5E-lspp
Comment 6 Steve Grubb 2007-03-30 15:48:34 EDT
This is slated for inclusion in 5.1
Comment 10 errata-xmlrpc 2007-11-07 10:40:17 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2007-0555.html

Note You need to log in before you can comment on or make changes to this bug.