- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
This commit is contained in:
parent
345c67344c
commit
a0f391756d
@ -6,5 +6,10 @@ auth required pam_securetty.so
|
||||
auth required pam_env.so
|
||||
auth required pam_rhosts_auth.so
|
||||
account include system-auth
|
||||
session optional pam_keyinit.so force revoke
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||
session required pam_loginuid.so
|
||||
session required pam_selinux.so open
|
||||
|
@ -4,6 +4,10 @@ auth required pam_shells.so
|
||||
auth include system-auth
|
||||
account required pam_nologin.so
|
||||
account include system-auth
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||
session required pam_loginuid.so
|
||||
session required pam_selinux.so open
|
||||
|
@ -14,7 +14,7 @@
|
||||
Summary: The Kerberos network authentication system.
|
||||
Name: krb5
|
||||
Version: 1.6.2
|
||||
Release: 9%{?dist}
|
||||
Release: 10%{?dist}
|
||||
# Maybe we should explode from the now-available-to-everybody tarball instead?
|
||||
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
|
||||
Source0: krb5-%{version}.tar.gz
|
||||
@ -210,6 +210,9 @@ installed on systems which are meant provide these services.
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Oct 17 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.2-10
|
||||
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
|
||||
|
||||
* Fri Oct 12 2007 Nalin Dahyabhai <nalin@redhat.com>
|
||||
- make krb5.conf %%verify(not md5 size mtime) in addition to
|
||||
%%config(noreplace), like /etc/nsswitch.conf (#329811)
|
||||
|
@ -6,5 +6,10 @@ auth required pam_securetty.so
|
||||
auth required pam_env.so
|
||||
auth required pam_rhosts_auth.so
|
||||
account include system-auth
|
||||
session optional pam_keyinit.so force revoke
|
||||
# pam_selinux.so close should be the first session rule
|
||||
session required pam_selinux.so close
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include system-auth
|
||||
# pam_selinux.so open should only be called for sessions to be executed in the user context
|
||||
session required pam_loginuid.so
|
||||
session required pam_selinux.so open
|
||||
|
Loading…
Reference in New Issue
Block a user