[redhat-lspp] Problem with "ssh user at localhost"

Wed Jan 17 19:30:57 UTC 2007

On Wed, 2007-01-17 at 13:21 -0600, Loulwa Salem wrote:
> Daniel J Walsh wrote:
> >>
> >>
> > What does /etc/pam.d/sshd look like?
> I have not made any changes to sshd file. I assume you don't see this problem Dan?
> 
> #%PAM-1.0
> #
> #  pam.d/sshd - pam.d/sshd configuration for LSPP compliance
> #               see the Evaluated Configuration Guide for more info
> #
> 
> 
> auth       include      system-auth
> auth       required     pam_tally2.so deny=5 onerr=fail
> 
> account    required     pam_nologin.so
> account    include      system-auth
> account    required     pam_tally2.so
> 
> password   include      system-auth
> 
> session    required     pam_selinux.so close
> session    include      system-auth
> session    required     pam_loginuid.so require_auditd
> # pam_selinux.so open should only be followed by sessions to be
> # executed in the user context
> session    required     pam_selinux.so open
> session    required     pam_namespace.so debug # FIXME, remove debug

There should be no pam_selinux.so in sshd's pam configuration.
-- 
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb