Yesterday I installed pam_shield and followed the testing suggested and thought all was well. today I find that I cannot get to my email account, I can login via ssh okay (uses keys) but su and sudo give segmentation faults. I am guessing due to the pam module causing a problem. As I cannot do remote login as root and sudo and su use pam I appear to have locked myself out.
I have not encountered this issue. And I have been using it on 32bit and 64bit machines with RHEL4 and RHEL5. I guess it must be related to a configuration issue somewhere. Not good though.
Was this with the 0.9.2 release, or the 0.9.3 release ?
Please provide this information to the author, he might help you find the cause and fix it in pam_shield.
Thanks for reporting,
Update - running 0.9.2 release on both a .386 and a .x86_64 system I think the location of the auth optional pam_shield.so line within the /etc/pam.d/ config files is important?? I had an error on the 64 bit machine thus it was not running - I have now fixed and after looking at the response from S.Tindall I have moved the line to the location as shown in /etc/pam.d/system-auth-ac:
<snip> auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth optional pam_shield.so auth required pam_deny.so <snip> Lets see if this works.
I've tried that too and it was a good suggestion as su now crashes only if you enter a wrong password. I've also tried to rebuild rpmforge srpm with no luck. Could you really make this thing work? I mean did it actually block anything after a series of failed logins?
Sasha