[CentOS] PAM_shield locking me out?

Rob Kampen rkampen at kampensonline.com
Fri Aug 27 03:51:23 UTC 2010


Dag Wieers wrote:
> On Tue, 24 Aug 2010, Rob Kampen wrote:
>
>   
>> Yesterday I installed pam_shield and followed the testing suggested and 
>> thought all was well.
>> today I find that I cannot get to my email account, I can login via ssh okay 
>> (uses keys) but su and sudo give
>> segmentation faults. I am guessing due to the pam module causing a problem.
>> As I cannot do remote login as root and sudo and su use pam I appear to have 
>> locked myself out.
>>     
>
> I have not encountered this issue. And I have been using it on 32bit and 
> 64bit machines with RHEL4 and RHEL5. I guess it must be related to a 
> configuration issue somewhere. Not good though.
>
> Was this with the 0.9.2 release, or the 0.9.3 release ?
>
> Please provide this information to the author, he might help you find the 
> cause and fix it in pam_shield.
>
> Thanks for reporting,
>   
Update - running 0.9.2 release on both a .386 and a .x86_64 system
I think the location of the
auth   optional    pam_shield.so
line within the /etc/pam.d/ config files is important??
I had an error on the 64-bit machine, thus it was not running - I have 
now fixed it, and after looking at the response from S.Tindall I have moved 
the line to the location as shown in /etc/pam.d/system-auth-ac:
<snip>
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        optional      pam_shield.so
auth        required      pam_deny.so
<snip>
Let's see if this works.
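
Added example, not part of the original message or of pam_shield: a small simulation of how libpam walks the auth stack quoted above, showing which logins ever reach the pam_shield.so line in that position. It models only the four classic control flags; the per-module outcomes and the uids 1000 and 0 are constructed inputs.

```python
# Added example: simplified model of libpam's classic control flags
# (required, requisite, sufficient, optional). Not pam_shield code.
STACK = """\
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_krb5.so use_first_pass
auth        optional      pam_shield.so
auth        required      pam_deny.so
"""

def parse(text, mtype="auth"):
    """Return (control, module) pairs for one management group."""
    rules = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[0] == mtype:
            rules.append((fields[1], fields[2]))
    return rules

def walk(rules, outcome):
    """Walk the stack; outcome maps module name -> True/False.
    Returns (modules invoked in order, overall success)."""
    invoked, required_failed = [], False
    for control, module in rules:
        invoked.append(module)
        ok = outcome[module]
        if control == "requisite" and not ok:
            return invoked, False            # fail and stop immediately
        if control == "required" and not ok:
            required_failed = True           # remember failure, keep going
        if control == "sufficient" and ok and not required_failed:
            return invoked, True             # succeed and stop immediately
        # "optional" results are ignored in a stack with other modules
    return invoked, not required_failed

def outcomes(password_ok, uid, krb_ok=False):
    """Constructed module results for one login attempt."""
    return {"pam_env.so": True, "pam_unix.so": password_ok,
            "pam_succeed_if.so": uid >= 500, "pam_krb5.so": krb_ok,
            "pam_shield.so": True, "pam_deny.so": False}

def reaches_shield(password_ok, uid):
    invoked, _ = walk(parse(STACK), outcomes(password_ok, uid))
    return "pam_shield.so" in invoked

if __name__ == "__main__":
    for pw, uid in [(True, 1000), (False, 1000), (False, 0)]:
        print(pw, uid, walk(parse(STACK), outcomes(pw, uid)))
```

With the line in this position, a correct local password returns at pam_unix.so before pam_shield.so is invoked, and a failed attempt for a uid below 500 stops at the requisite pam_succeed_if.so line, so only failed attempts for uids of 500 and above reach pam_shield.so.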
