[CentOS] Re: su, context(selinux?) 2nd prompt
Kanwar Ranbir Sandhu
m3freak at rogers.com
Fri Jan 27 21:42:13 UTC 2006
On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
> >> Remove multiple from the pam file.
> >>
> >
> > editing /etc/pam.d/su, changing
> > session required /lib/security/$ISA/pam_selinux.so open multiple
> > to
> > session required /lib/security/$ISA/pam_selinux.so open
> >
> > Did the trick, thanks Dan!
> >
> > # rpm -q -f /etc/pam.d/su
> > coreutils-5.2.1-31.2
> >
> >
> You can actually remove the pam_selinux.so lines from the su file
> altogether. We have done this for FC5 and it works
> fine. In strict or MLS Policy you will be required to run newrole but
> in targeted everything should just work.
I'm seeing the same behaviour with telnetd. I had to install it for a
client that runs a text based app which Windows users telnet into (it's
only open to the local network, and the app loads immediately after
login).
When a user logs in via telnet, the same question appears. I told my
client to just accept the default answer, which is "no". Ideally, I'd
like to remove the option all together.
I assume it's possible to turn it off like it was for "su", but I'm not
sure which file to edit. /etc/pam.d/login looks like the closest one,
specifically this line:
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
I'm not sure though. Any tips?
Regards,
Ranbir
--
Kanwar Ranbir Sandhu
Linux 2.6.14-1.1656_FC4 i686 GNU/Linux
16:34:54 up 9:34, 5 users, load average: 0.06, 0.35, 0.43
More information about the CentOS
mailing list