[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

SRP problem is not resovled



Thanks for Michael Chang !
But the problem is not resovled. :(

There are 3 problems: telnet, passwd and ssh
1. telnet problem
/usr/local/srp/bin/telnet 127.0.0.1
Trying 127.0.0.1...
Connected to GATE (127.0.0.1).
Escape character is '^]'.
[ Negotiating SSL/TLS session ... ]
[ Cipher: ADH-AES256-SHA (256 bits) ]
[ Attempting to verify TLS session parameters... ]
[ Trying SRP ... ]
SRP Username (root): slls
[ SRP refuses authentication for 'slls' (Password not set) ]
WARNING: unable to verify TLS session parameters.  Continue? (Y/N)
Connection closed.
[root GATE pam.d]# /usr/local/srp/bin/telnet 127.0.0.1
Trying 127.0.0.1...
Connected to GATE (127.0.0.1).
Escape character is '^]'.
[ Negotiating SSL/TLS session ... ]
[ Cipher: ADH-AES256-SHA (256 bits) ]
[ Attempting to verify TLS session parameters... ]
[ Trying SRP ... ]
SRP Username (root): slls
[ SRP refus! es authentication for 'slls' (Password not set) ]
WARNING: unable to verify TLS session parameters.  Continue? (Y/N) y
telnetd: Authorization failed.
Connection closed by foreign host.
2. passwd problem
passwd root
Changing password for user root.
passwd: Authentication token manipulation error
passwd slls
Changing password for user slls.
passwd: Authentication token manipulation error
/usr/local/srp/bin/passwd root
passwd: Authentication token manipulation error
/usr/local/srp/bin/passwd slls
passwd: Authentication token manipulation error
If I replace "password required /lib/security/pam_eps_passwd.so" with "password sufficient /lib/security/pam_eps_passwd.so" in /etc/pam.d/system-auth, the command passwd is OK!
/usr/local/srp/bin/passwd root
New UNIX password:
Retype new UNIX password:
Password changed
Password changed
/usr/local/srp/bin/passwd slls
New UNIX password:Retype new UNIX password:
Password changed
Password changed
3.ssh problem
If I replace "auth sufficient /lib/security/pam_eps_auth.so" with "auth required /lib/security/pam_eps_auth.so" in /etc/pam.d/system-auth, I can't login from putty on windows.
login as: slls
slls GATE's password:
Access denied

the fllowing is the details of 12 config files:  (the addition is between two "############" lines )
1.  vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        required    /lib/security/$ISA/pam_unix.so likeauth nullok
#######################
auth        sufficient  &nbs! p; /lib/security/pam_eps_auth.so
#auth       required      /lib/security/pam_eps_auth.so
#######################
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so
password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    required      /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
#######################
password    required      /lib/security/pam_eps_passwd.so
#password    sufficient    /lib/security/pam_eps_passwd.so
#######################
password    required      /lib/security/$ISA/pam_deny.so
session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
2. vi /etc/pam.d/passwd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
#####################
password  required  /lib/security/pam_eps_passwd.so
#####################
3. vi /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
#########################
auth       required     /lib/security/pam_eps_auth.so
#########################
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
########################
password    required      /lib/security/pam_eps_passwd.so
#######################
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
4. vi /etc/pam.d/telnet (made by myself)
auth required /lib/security/pam_unix.so
auth       required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_eps_auth.so
account    required     pam_stack.so service=system-auth
passwd       required   /lib/security/pam_unix.so nullok use_authtok md5 shadow
passwd       required   /lib/security/pam_eps_passwd.so
session    required     pam_stack.so service=system-auth
5.  vi /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
################
auth       required     /lib/security/pam_eps_auth.so
################
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
################
password    required      /lib/security/pam_eps_passwd.so
################
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
The following is some informations of passwd . I think that it's enough :)
6. vi /etc/tpasswd.conf
1:BeSXzvfTmxCDCkezFu0nATmpRZ7f2Owzq6go.FN/yxc0d6meIMcECy.noWZIdAlddq9NRPQM2KBsJadV3bovReMy4tsVfMBVQmDiLySA3Simn5qrDra20Tc681FDYVdWobC2bsmJQoq9qp3yd1lJZdr/lN4xdanvctOxyCWJA6N:5
7. vi /etc/tpasswd
root:84/Rzyr1DgpRBfmSVTR494fw112Eo6tMc9Hxb9xPDK.owql.YzmcqUsoMUxXKI8nywwyy9AQa//a9hoktE.vECdR933Myb4OSp0DH9Wou7VW2ZJMt.wru4WW2qyi0Ra5C10pL2PVUuFldXms.bdUW26QO37YTnEWjCFNaZHUl1/:KU3RJ6bzeRwQk:1
slls:9E.6uofYjFf32X6I5Ko.6zS2q2SVwSULRo46DkFcPW28ZYNy9m5KEvfPw6m8kHwivU8GtsJYlDoNenFeu3DOl1MO68OQjb8A9Ks5I4j39zA03a6YYpGTIUUnP3xTUb5h1giMOErY05rXQbTCISVJaBKOlz7iLorvTYYfMZjuaFA:212vUN4k1CRD1n:1
8. vi /etc/passwd
root:x:0:0:root:/root:/bin/bash
slls:x:500:500::/home/slls:/bin/bash
9. vi /etc/shadow
root:$1$hXd4s8QX$F3S0e0jpyCv96xvflCldi0:13118:0:99999:7:::
slls:$1$ch/mXiOt$QaNucFtjt3v2uToCoNMYd/:13118:0:99999:7:::
10.  vi /etc/group
root:x:0:root
slls:x:500:
11.  vi /etc/gshadow
root:!!::root
slls:!::
12. vi /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
 
 


雅虎免费G邮箱-中国第一绝无垃圾邮件骚扰超大邮箱
雅虎助手¨D搜索、杀毒、防骚扰
[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]