[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Huge security issue


auth            required                pam_mount.so # use_first_pass

auth       required    pam_env.so
#auth       include     system-auth

account    required    pam_nologin.so
account    include     system-auth
password   include     system-auth
session    optional    pam_keyinit.so force revoke
session    include     system-auth
session    required    pam_loginuid.so
session    optional    pam_console.so
session    optional     pam_mount.so
#session required pam_mount.so


# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        optional      pam_mount.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
#auth        sufficient    pam_krb5.so use_first_pass

auth        sufficient    pam_winbind.so use_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
#account     sufficient    pam_krb5.so
account     sufficient    pam_winbind.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore]
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass
#password    sufficient    pam_krb5.so use_authok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in
crond quiet use_uid
session     required      pam_unix.so
session        optional      pam_mount.so
session         required  pam_mkhomedir.so skel=/etc/skel umask=0077
#session     optional      pam_krb5.so
>>> Dan Young <dyoung mesd k12 or us> 02/09/07 10:49 AM >>> 
Daniel Kuecker wrote:
> Just when I thought I had everything going good. I have a huge
> issue. I just noticed that i can log into my thin clients with user
> and any password.
> actually, i can log in as any valid user with any password from GDM.
> I try to do they same with ssh, it will only allow the correct
> I have it setup to auth against ADS. I have two thin clients setup,
> both are allowing this. Does anyone have any suggestions? I need to
> resolve this before any students figure it out and have root
> access.....

Can you show us the contents of /etc/pam.d/gdm and

Dan Young <dyoung mesd k12 or us>
Multnomah ESD - Technology Services

K12OSN mailing list
K12OSN redhat com
For more info see <http://www.k12os.org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]