[krb5-appl] - drop pam_selinux from the gssftp PAM configuration (#713459) - switch the PAM configurations from
Nalin Dahyabhai
nalin at fedoraproject.org
Wed Jun 15 20:43:01 UTC 2011
commit 69e65726c3929f30a5eae0258c3be472dff1181d
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date: Wed Jun 15 16:42:32 2011 -0400
- drop pam_selinux from the gssftp PAM configuration (#713459)
- switch the PAM configurations from including system-auth to including
ekshell.pamd | 4 ++--
gssftp.pamd | 10 +++-------
krb5-appl.spec | 7 ++++++-
kshell.pamd | 4 ++--
4 files changed, 13 insertions(+), 12 deletions(-)
---
diff --git a/ekshell.pamd b/ekshell.pamd
index 5b67b05..472e176 100644
--- a/ekshell.pamd
+++ b/ekshell.pamd
@@ -5,11 +5,11 @@ auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
-account include system-auth
+account include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session optional pam_keyinit.so force revoke
-session include system-auth
+session include password-auth
# pam_selinux.so open should only be called for sessions to be executed in the user context
session required pam_loginuid.so
session required pam_selinux.so open
diff --git a/gssftp.pamd b/gssftp.pamd
index 442dfa7..c0fc667 100644
--- a/gssftp.pamd
+++ b/gssftp.pamd
@@ -1,13 +1,9 @@
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
-auth include system-auth
+auth include password-auth
account required pam_nologin.so
-account include system-auth
-# pam_selinux.so close should be the first session rule
-session required pam_selinux.so close
+account include password-auth
session optional pam_keyinit.so force revoke
-session include system-auth
-# pam_selinux.so open should only be called for sessions to be executed in the user context
session required pam_loginuid.so
-session required pam_selinux.so open
+session include password-auth
diff --git a/krb5-appl.spec b/krb5-appl.spec
index 7812d2c..c19b9d8 100644
--- a/krb5-appl.spec
+++ b/krb5-appl.spec
@@ -10,7 +10,7 @@
Summary: Kerberos-aware versions of telnet, ftp, rsh, and rlogin
Name: krb5-appl
Version: 1.0.1
-Release: 7%{?dist}
+Release: 8%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0.1-signed.tar
Source0: krb5-appl-%{version}.tar.gz
@@ -255,6 +255,11 @@ exit 0
%{krb5prefix}/man/man8/telnetd.8*
%changelog
+* Wed Jun 15 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.1-8
+- drop pam_selinux from the gssftp PAM configuration (#713459)
+- switch the PAM configurations from including system-auth to including
+ password-auth
+
* Thu Mar 31 2011 Nalin Dahyabhai <nalin at redhat.com> - 1.0.1-7
- incorporate patch to correct parsing errors with "restrict" lines in
ftpusers (#644215, RT#6889)
diff --git a/kshell.pamd b/kshell.pamd
index 90aa311..2d03b3d 100644
--- a/kshell.pamd
+++ b/kshell.pamd
@@ -5,11 +5,11 @@ auth required pam_nologin.so
auth required pam_securetty.so
auth required pam_env.so
auth required pam_rhosts.so
-account include system-auth
+account include password-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session optional pam_keyinit.so force revoke
-session include system-auth
+session include password-auth
# pam_selinux.so open should only be called for sessions to be executed in the user context
session required pam_loginuid.so
session required pam_selinux.so open
More information about the scm-commits
mailing list