SRP problem is not resolved

Lei Shi slxzjscn at yahoo.com.cn
Sat Dec 3 12:34:13 UTC 2005


Thanks to Michael Chang!
But the problem is not resolved. :(
  
There are 3 problems: telnet, passwd and ssh

  1. telnet problem
  /usr/local/srp/bin/telnet 127.0.0.1
Trying 127.0.0.1...
Connected to GATE (127.0.0.1).
Escape character is '^]'.
[ Negotiating SSL/TLS session ... ]
[ Cipher: ADH-AES256-SHA (256 bits) ]
[ Attempting to verify TLS session parameters... ]
[ Trying SRP ... ]
SRP Username (root): slls
[ SRP refuses authentication for 'slls' (Password not set) ]
WARNING: unable to verify TLS session parameters.  Continue? (Y/N)
Connection closed.
[root at GATE pam.d]# /usr/local/srp/bin/telnet 127.0.0.1
Trying 127.0.0.1...
Connected to GATE (127.0.0.1).
Escape character is '^]'.
[ Negotiating SSL/TLS session ... ]
[ Cipher: ADH-AES256-SHA (256 bits) ]
[ Attempting to verify TLS session parameters... ]
[ Trying SRP ... ]
SRP Username (root): slls
[ SRP refuses authentication for 'slls' (Password not set) ]
WARNING: unable to verify TLS session parameters.  Continue? (Y/N) y
telnetd: Authorization failed.
Connection closed by foreign host.
  2. passwd problem
  passwd root
Changing password for user root.
passwd: Authentication token manipulation error
passwd slls
Changing password for user slls.
passwd: Authentication token manipulation error
  /usr/local/srp/bin/passwd root
passwd: Authentication token manipulation error
/usr/local/srp/bin/passwd slls
passwd: Authentication token manipulation error
  If I replace "password required /lib/security/pam_eps_passwd.so" with "password sufficient /lib/security/pam_eps_passwd.so" in /etc/pam.d/system-auth, the command passwd is OK!
/usr/local/srp/bin/passwd root
New UNIX password:
Retype new UNIX password:
Password changed
Password changed
/usr/local/srp/bin/passwd slls
New UNIX password:
Retype new UNIX password:
Password changed
Password changed
  3. ssh problem
If I replace "auth sufficient /lib/security/pam_eps_auth.so" with "auth required /lib/security/pam_eps_auth.so" in /etc/pam.d/system-auth, I can't log in from PuTTY on Windows.
login as: slls
slls at GATE's password:
Access denied
  
The following are the details of 12 config files (the additions are between two "############" lines):
  1.  vi /etc/pam.d/system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      /lib/security/$ISA/pam_env.so
auth        required    /lib/security/$ISA/pam_unix.so likeauth nullok
#######################
auth        sufficient    /lib/security/pam_eps_auth.so
#auth       required      /lib/security/pam_eps_auth.so
#######################
auth        required      /lib/security/$ISA/pam_deny.so
  account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_succeed_if.so uid < 100 quiet
account     required      /lib/security/$ISA/pam_permit.so
  password    requisite     /lib/security/$ISA/pam_cracklib.so retry=3
password    required      /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
#######################
password    required      /lib/security/pam_eps_passwd.so
#password    sufficient    /lib/security/pam_eps_passwd.so
#######################
password    required      /lib/security/$ISA/pam_deny.so
  session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so
  2. vi /etc/pam.d/passwd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
#####################
password  required  /lib/security/pam_eps_passwd.so
#####################
  3. vi /etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
#########################
auth       required     /lib/security/pam_eps_auth.so
#########################
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
########################
password    required      /lib/security/pam_eps_passwd.so
#######################
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should be the last session rule
session    required     pam_selinux.so multiple open
  4. vi /etc/pam.d/telnet (made by myself)
auth required /lib/security/pam_unix.so
auth       required     pam_stack.so service=system-auth
auth       required     /lib/security/pam_eps_auth.so
account    required     pam_stack.so service=system-auth
passwd       required   /lib/security/pam_unix.so nullok use_authtok md5 shadow
passwd       required   /lib/security/pam_eps_passwd.so
session    required     pam_stack.so service=system-auth
  5.  vi /etc/pam.d/sshd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
################
auth       required     /lib/security/pam_eps_auth.so
################
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
################
password    required      /lib/security/pam_eps_passwd.so
################
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so
  The following is some information about passwd. I think that it's enough :)
  6. vi /etc/tpasswd.conf
1:BeSXzvfTmxCDCkezFu0nATmpRZ7f2Owzq6go.FN/yxc0d6meIMcECy.noWZIdAlddq9NRPQM2KBsJadV3bovReMy4tsVfMBVQmDiLySA3Simn5qrDra20Tc681FDYVdWobC2bsmJQoq9qp3yd1lJZdr/lN4xdanvctOxyCWJA6N:5
  7. vi /etc/tpasswd
root:84/Rzyr1DgpRBfmSVTR494fw112Eo6tMc9Hxb9xPDK.owql.YzmcqUsoMUxXKI8nywwyy9AQa//a9hoktE.vECdR933Myb4OSp0DH9Wou7VW2ZJMt.wru4WW2qyi0Ra5C10pL2PVUuFldXms.bdUW26QO37YTnEWjCFNaZHUl1/:KU3RJ6bzeRwQk:1
slls:9E.6uofYjFf32X6I5Ko.6zS2q2SVwSULRo46DkFcPW28ZYNy9m5KEvfPw6m8kHwivU8GtsJYlDoNenFeu3DOl1MO68OQjb8A9Ks5I4j39zA03a6YYpGTIUUnP3xTUb5h1giMOErY05rXQbTCISVJaBKOlz7iLorvTYYfMZjuaFA:212vUN4k1CRD1n:1
  8. vi /etc/passwd 
root:x:0:0:root:/root:/bin/bash
slls:x:500:500::/home/slls:/bin/bash
  9. vi /etc/shadow
root:$1$hXd4s8QX$F3S0e0jpyCv96xvflCldi0:13118:0:99999:7:::
slls:$1$ch/mXiOt$QaNucFtjt3v2uToCoNMYd/:13118:0:99999:7:::
  10.  vi /etc/group
root:x:0:root
slls:x:500:
  11.  vi /etc/gshadow
root:!!::root
slls:!::
  12. vi /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
   
   

		
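An added example, not part of the original post: a small PAM stack linter run over the active auth/password rules from the listings above. It flags an unknown module type, a module reached twice through pam_stack.so, and a stack whose "required pam_deny.so" has no "sufficient" rule ahead of it (pam_deny.so always fails, so such a stack cannot succeed). The function names are hypothetical and only the classic control flags are handled, not the bracketed [value=action] form.

```python
VALID_TYPES = ("auth", "account", "password", "session")
# Active auth/password rules copied from the post's listings (subset; helper names are hypothetical).
FILES = {
    "system-auth": """
auth required /lib/security/$ISA/pam_env.so
auth required /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_eps_auth.so
auth required /lib/security/$ISA/pam_deny.so
password requisite /lib/security/$ISA/pam_cracklib.so retry=3
password required /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password required /lib/security/pam_eps_passwd.so
password required /lib/security/$ISA/pam_deny.so""",
    "passwd": """
password required pam_stack.so service=system-auth
password required /lib/security/pam_eps_passwd.so""",
    "telnet": """
passwd required /lib/security/pam_eps_passwd.so""",
}

def parse(text):
    # Yield (type, control, module basename, args) for each non-comment rule.
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields[0], fields[1], fields[2].rsplit("/", 1)[-1], fields[3:]

def expand(service, mtype, files):
    # Flatten one type's stack, following pam_stack.so service=NAME includes.
    out = []
    for t, control, module, args in parse(files[service]):
        if t == mtype and module == "pam_stack.so":
            out += expand(args[0].split("=", 1)[1], mtype, files)
        elif t == mtype:
            out.append((control, module))
    return out

def lint(service, files):
    findings = [f"unknown type '{t}' for {m}" for t, _, m, _ in parse(files[service])
                if t not in VALID_TYPES]
    for mtype in VALID_TYPES:
        stack = expand(service, mtype, files)
        mods = [m for _, m in stack]
        findings += [f"{mtype}: {m} runs {mods.count(m)} times"
                     for m in dict.fromkeys(mods) if mods.count(m) > 1]
        # pam_deny.so always fails; only an earlier 'sufficient' success can skip it.
        deny = ("required", "pam_deny.so")
        if deny in stack and not any(c == "sufficient" for c, _ in stack[:stack.index(deny)]):
            findings.append(f"{mtype}: required pam_deny.so, no sufficient rule before it")
    return findings
```

On the posted rules, lint("passwd", FILES) reports both the repeated pam_eps_passwd.so and the pam_deny.so condition in the password stack, and lint("telnet", FILES) reports the "passwd" type, which is not one of auth, account, password or session.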