- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
parent
345c67344c
commit
a0f391756d
@ -6,5 +6,10 @@ auth required pam_securetty.so
|
|||||||
auth required pam_env.so
|
auth required pam_env.so
|
||||||
auth required pam_rhosts_auth.so
|
auth required pam_rhosts_auth.so
|
||||||
account include system-auth
|
account include system-auth
|
||||||
|
# pam_selinux.so close should be the first session rule
|
||||||
|
session required pam_selinux.so close
|
||||||
session optional pam_keyinit.so force revoke
|
session optional pam_keyinit.so force revoke
|
||||||
session include system-auth
|
session include system-auth
|
||||||
|
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||||
|
session required pam_loginuid.so
|
||||||
|
session required pam_selinux.so open
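Review bot: The comment above `pam_loginuid.so` documents only half of the ordering constraint this stack depends on: it says when `pam_selinux.so open` may be called, but not that session modules which run helper programs have to stay above it, as the pam_selinux documentation asks. A rule later appended after `open` would have its helpers executed in the user's context rather than the daemon's. I would reword the comment to `# pam_selinux.so open must stay the last session rule; modules that run helper programs belong above it`. The same applies to the identical hunk at the end of the page and to the `pam_shells.so` hunk.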
|
||||||
|
@ -4,6 +4,10 @@ auth required pam_shells.so
|
|||||||
auth include system-auth
|
auth include system-auth
|
||||||
account required pam_nologin.so
|
account required pam_nologin.so
|
||||||
account include system-auth
|
account include system-auth
|
||||||
|
# pam_selinux.so close should be the first session rule
|
||||||
|
session required pam_selinux.so close
|
||||||
session optional pam_keyinit.so force revoke
|
session optional pam_keyinit.so force revoke
|
||||||
session include system-auth
|
session include system-auth
|
||||||
|
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||||
session required pam_loginuid.so
|
session required pam_loginuid.so
|
||||||
|
session required pam_selinux.so open
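Review bot: `session required pam_selinux.so open` may give less confinement here than the comment above it suggests, because the module sets the context for the next program the service executes rather than changing the context of the running process. If this is the ftpd stack (the `pam_shells.so` and `pam_nologin.so` rules suggest so) and the daemon serves transfers in-process, those transfers stay in the daemon's own domain and only programs it executes would transition; whether it executes any is not visible on this page. I would state that in the file, e.g. `# pam_selinux.so open only affects programs executed after session setup, not the daemon process itself`.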
|
||||||
|
@ -14,7 +14,7 @@
|
|||||||
Summary: The Kerberos network authentication system.
|
Summary: The Kerberos network authentication system.
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Version: 1.6.2
|
Version: 1.6.2
|
||||||
Release: 9%{?dist}
|
Release: 10%{?dist}
|
||||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||||
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
|
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
|
||||||
Source0: krb5-%{version}.tar.gz
|
Source0: krb5-%{version}.tar.gz
|
||||||
@ -210,6 +210,9 @@ installed on systems which are meant provide these services.
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Oct 17 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-10
|
||||||
|
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
|
||||||
|
|
||||||
* Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com>
|
* Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com>
|
||||||
- make krb5.conf %%verify(not md5 size mtime) in addition to
|
- make krb5.conf %%verify(not md5 size mtime) in addition to
|
||||||
%%config(noreplace), like /etc/nsswitch.conf (#329811)
|
%%config(noreplace), like /etc/nsswitch.conf (#329811)
|
||||||
|
@ -6,5 +6,10 @@ auth required pam_securetty.so
|
|||||||
auth required pam_env.so
|
auth required pam_env.so
|
||||||
auth required pam_rhosts_auth.so
|
auth required pam_rhosts_auth.so
|
||||||
account include system-auth
|
account include system-auth
|
||||||
|
# pam_selinux.so close should be the first session rule
|
||||||
|
session required pam_selinux.so close
|
||||||
session optional pam_keyinit.so force revoke
|
session optional pam_keyinit.so force revoke
|
||||||
session include system-auth
|
session include system-auth
|
||||||
|
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||||
|
session required pam_loginuid.so
|
||||||
|
session required pam_selinux.so open
|
||||||
|