[redhat-lspp] RHEL5 10/27 + KS -- Run_init is locking user account
Eduardo Madeira Fleury
efleury at br.ibm.com
Thu Nov 9 17:28:27 UTC 2006
Hey all,
I think I've found a bug.
Using RHEL5 Server 10/27 refresh installed with the KS script v0.9 I figured
out that executing run_init always increment the pam_tally2 failure count for
the user in question, which means one day or another the user's account gets
locked, currently this happens after 6 successfull run_init calls.
I haven't had the chance to test with a system installed without the KS script
or in the new refresh. If anyone has the chance, would please try and report
results? If this is really a bug I'll open a bugzilla.
To reproduce:
Login as an admin user (ie. one that logs as staff_u. From now on I'll call
it "tux").
# /bin/su -
# newrole -r sysadm_r -t sysadm_t
Clear failog
# pam_tally2 --user tux --reset
Check it's cleared (failures = 0)
# pam_tally2 --user tux
# run_init service
Type in the correct password, you should see run_init usage string.
# pam_tally2 --user tux
... shows 1 failure. And, if you repeat the run_init command 5 or 6 times the
tux account will be locked and then you must unlock it using
# pam_tally2 --user tux --reset
Regards,
--
Eduardo M. Fleury
IBM Linux Technology Center Brazil
Mobile: +55-19-81224410
email/sametime: efleury at br.ibm.com
More information about the redhat-lspp
mailing list