Request for a sponsor and a review of: pam_abl
Oliver Falk
oliver at linux-kernel.at
Wed Jul 13 13:01:03 UTC 2005
On 07/13/2005 02:48 PM, Tomas Mraz wrote:
> On Wed, 2005-07-13 at 14:35 +0200, Oliver Falk wrote:
>
>>On 07/13/2005 02:23 PM, Tomas Mraz wrote:
>>
>>>On Tue, 2005-07-12 at 10:00 +0200, Oliver Falk wrote:
>>>
>>>
>>>>Tried this, but get the following, if I enable pam_abl in system-auth:
>>>>
>>>>Jul 12 09:53:24 moon sshd[1944]: PAM unable to resolve symbol:
>>>>pam_sm_open_session
>>>>Jul 12 09:53:24 moon sshd[1944]: PAM unable to resolve symbol:
>>>>pam_sm_close_session
>>>
>>>You've added pam_abl to the session stage but it doesn't have this stage
>>>implemented (no functionality would be there).
>>>
>>>It should be added only to the auth and account stages.
>>
>>I just did what the documentation told me to do:
>>/usr/share/pam_abl-0.2.2/conf/system-auth:
>>
>>#%PAM-1.0
>>auth required /lib/security/$ISA/pam_env.so
>>auth required /lib/security/$ISA/pam_abl.so
>>config=/etc/security/pam_abl.conf
>>auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
>>auth required /lib/security/$ISA/pam_deny.so
>>
>>account required /lib/security/$ISA/pam_unix.so
>>
>>password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
>>password sufficient /lib/security/$ISA/pam_unix.so nullok
>>use_authtok md5 shadow
>>password required /lib/security/$ISA/pam_deny.so
>>
>>session required /lib/security/$ISA/pam_limits.so
>>session required /lib/security/$ISA/pam_abl.so
>>session required /lib/security/$ISA/pam_unix.so
>>
>>So, you tell me, that the documentation is wrong? If so Alexander must
>>change this... In the RPM at least and maybe contact the author of
>>pam_abl to change this...
>
> Yes, I think the documentation is outdated, he should contact the author
> with the bug report possibly.
Hmmm.... With only
auth required pam_abl.so config=/etc/security/pam_abl.conf
in system-auth it works fine, I just blocked root and localhost. :-)
Tomas, what do you think, should a package uninstall check for entries
in /etc/pam.d/* and remove it?
Because if you have configured it and at some time want to remove it, it
could happen:
Jul 13 14:59:05 moon sshd[20970]: PAM unable to
dlopen(/lib/security/pam_abl.so)
Jul 13 14:59:05 moon sshd[20970]: PAM [dlerror:
/lib/security/pam_abl.so: cannot open shared object file: No such file
or directory]
Jul 13 14:59:05 moon sshd[20970]: PAM adding faulty module:
/lib/security/pam_abl.so
:-/
And maybe it should also %ghost /var/lib/abl/hosts.db and users.db, so
it get's removed properly at uninstall...
Best,
Oliver
More information about the fedora-extras-list
mailing list