[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-selinux-list
Subject: Re: su, context(selinux?) 2nd prompt
From: Daniel J Walsh <dwalsh () redhat ! com>
Date: 2006-01-30 19:35:00
Message-ID: 43DE6A64.8030206 () redhat ! com
[Download RAW message or body]
Kanwar Ranbir Sandhu wrote:
> On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
>
>>>> Remove multiple from the pam file.
>>>>
>>>>
>>> editing /etc/pam.d/su, changing
>>> session required /lib/security/$ISA/pam_selinux.so open multiple
>>> to
>>> session required /lib/security/$ISA/pam_selinux.so open
>>>
>>> Did the trick, thanks Dan!
>>>
>>> # rpm -q -f /etc/pam.d/su
>>> coreutils-5.2.1-31.2
>>>
>>>
>>>
>> You can actually remove the pam_selinux.so lines from the su file
>> altogether. We have done this for FC5 and it works
>> fine. In strict or MLS Policy you will be required to run newrole but
>> in targeted everything should just work.
>>
>
> I'm seeing the same behaviour with telnetd. I had to install it for a
> client that runs a text based app which Windows users telnet into (it's
> only open to the local network, and the app loads immediately after
> login).
>
> When a user logs in via telnet, the same question appears. I told my
> client to just accept the default answer, which is "no". Ideally, I'd
> like to remove the option all together.
>
> I assume it's possible to turn it off like it was for "su", but I'm not
> sure which file to edit. /etc/pam.d/login looks like the closest one,
> specifically this line:
>
> # pam_selinux.so open should be the last session rule
> session required pam_selinux.so multiple open
>
> I'm not sure though. Any tips?
>
> Regards,
>
> Ranbir
>
>
Remove multiple for the pam_selinux line.
--
fedora-selinux-list mailing list
fedora-selinux-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic