rpms/krb5/devel ekshell.pamd, 1.1, 1.2 gssftp.pamd, 1.2, 1.3 krb5.spec, 1.140, 1.141 kshell.pamd, 1.1, 1.2

Nalin Somabhai Dahyabhai (nalin) fedora-extras-commits at redhat.com
Wed Oct 17 17:49:25 UTC 2007 

Author: nalin

Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv10216

Modified Files:
	ekshell.pamd gssftp.pamd krb5.spec kshell.pamd 
Log Message:
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd


Index: ekshell.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/ekshell.pamd,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- ekshell.pamd	22 Jun 2007 21:56:56 -0000	1.1
+++ ekshell.pamd	17 Oct 2007 17:48:52 -0000	1.2
@@ -6,5 +6,10 @@
 auth       required     pam_env.so
 auth       required     pam_rhosts_auth.so
 account    include      system-auth
-session	   optional     pam_keyinit.so    force revoke
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    optional     pam_keyinit.so force revoke
 session    include      system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
+session    required     pam_loginuid.so
+session    required     pam_selinux.so open


Index: gssftp.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/gssftp.pamd,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- gssftp.pamd	22 Jun 2007 22:00:29 -0000	1.2
+++ gssftp.pamd	17 Oct 2007 17:48:52 -0000	1.3
@@ -4,6 +4,10 @@
 auth    include  system-auth
 account required pam_nologin.so
 account include  system-auth
+# pam_selinux.so close should be the first session rule
+session required pam_selinux.so close
 session optional pam_keyinit.so force revoke
 session include  system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
 session required pam_loginuid.so
+session required pam_selinux.so open


Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.140
retrieving revision 1.141
diff -u -r1.140 -r1.141
--- krb5.spec	12 Oct 2007 18:32:28 -0000	1.140
+++ krb5.spec	17 Oct 2007 17:48:52 -0000	1.141
@@ -14,7 +14,7 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
 Version: 1.6.2
-Release: 9%{?dist}
+Release: 10%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -210,6 +210,9 @@
 %endif
 
 %changelog
+* Wed Oct 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-10
+- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
+
 * Fri Oct 12 2007 Nalin Dahyabhai <nalin at redhat.com>
 - make krb5.conf %%verify(not md5 size mtime) in addition to
   %%config(noreplace), like /etc/nsswitch.conf (#329811)


Index: kshell.pamd
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/kshell.pamd,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- kshell.pamd	22 Jun 2007 21:56:36 -0000	1.1
+++ kshell.pamd	17 Oct 2007 17:48:52 -0000	1.2
@@ -6,5 +6,10 @@
 auth       required     pam_env.so
 auth       required     pam_rhosts_auth.so
 account    include      system-auth
-session	   optional     pam_keyinit.so    force revoke
+# pam_selinux.so close should be the first session rule
+session    required     pam_selinux.so close
+session    optional     pam_keyinit.so force revoke
 session    include      system-auth
+# pam_selinux.so open should only be called for sessions to be executed in the user context
+session    required     pam_loginuid.so
+session    required     pam_selinux.so open

More information about the fedora-extras-commits mailing list