[Clip] System-auth configuration RHEL 5.2
James.Homer at nexor.com
Wed May 13 06:31:31 CDT 2009
It seems that the pam configuration that gets installed by the clip rpm
Gets overwritten by the clip kickstart. Line 384
The "enforce_root" is getting dropped. This can quite easily be fixed in our local kickstart. I am not sure if the same problem is present for RHEL 5.3 packages/kickstart.
I was trying to find where this option implemented in code so I could work out exactly what it does, I was expecting it to enforce password complexity on the root user the same as for all other users.
This does not seem to be implemented in RHEL/Fedora pam packages as I get the following error logged when I try to enforce it. I don't on the system with tresys pam package installed.
May 13 12:09:07 hostname passwd: pam_cracklib(passwd:chauthtok): pam_parse: unknown option; enforce_root
I would appreciate if someone on the list could enlighten me as what this option does and where it is implemented. Are the Tresys sources available for download as source RPMs or tar balls?
James Homer CEng MBCS CITP
Senior Technical Consultant
CESG Listed Advisor Scheme Member
DDI: +44 (0) 115 952 0587
Tel: +44 (0) 115 952 0500
Fax: +44 (0) 115 952 0519
mailto:james.homer at nexor.com
Nexor is recognised as an Investor in People and is accredited to ISO 9001/TickIT and ISO/IEC27001:2005. Further details of Nexor's accreditations can be found on our website.
DISCLAIMER: Privileged or confidential information may be contained in this message or within any files transmitted with it. If you are not the intended recipient, kindly destroy the message and notify the sender by reply email. Opinions, conclusions and other information in this message that do not relate to the official business of Nexor are neither given nor endorsed by it.
Nexor Limited, Bell House, Nottingham Science and Technology Park, University Boulevard, Nottingham, NG7 2RL A company registered in England, No: 05152465
More information about the Clip