Maciej Żenczykowski wrote:
Weird, I'm not seeing this...
Are using an selinux-enabled CentOS 4.2 (or RHEL4U2) box?
-- Rex
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
-- Rex
Rex Dieter wrote:
Maciej Żenczykowski wrote:
Weird, I'm not seeing this...
Are using an selinux-enabled CentOS 4.2 (or RHEL4U2) box?
-- Rex
Remove multiple from the pam file.
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
-- Rex
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
Daniel J Walsh wrote:
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
Remove multiple from the pam file.
editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2
A bug in coreutils-5.2.1-31.2 then?
-- Rex
Rex Dieter wrote:
Daniel J Walsh wrote:
On Mon, 23 Jan 2006, Rex Dieter wrote:
With a recent update of CentOS4, su's behavior has changed, in that after prompting for password, also prompts for (selinux?) context. I'm seeing something like: $ su Password: Your default context is root:system_r:unconfined_t.
Do you want to choose a different one? [n]
kde's kdesu barfs on this second prompt. Any way to disable this second prompt?
Remove multiple from the pam file.
editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2
You can actually remove the pam_selinux.so lines from the su file altogether. We have done this for FC5 and it works fine. In strict or MLS Policy you will be required to run newrole but in targeted everything should just work.
Dan
A bug in coreutils-5.2.1-31.2 then?
-- Rex
-- fedora-selinux-list mailing list fedora-selinux-list@redhat.com https://www.redhat.com/mailman/listinfo/fedora-selinux-list
On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
Remove multiple from the pam file.
editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2
You can actually remove the pam_selinux.so lines from the su file altogether. We have done this for FC5 and it works fine. In strict or MLS Policy you will be required to run newrole but in targeted everything should just work.
I'm seeing the same behaviour with telnetd. I had to install it for a client that runs a text based app which Windows users telnet into (it's only open to the local network, and the app loads immediately after login).
When a user logs in via telnet, the same question appears. I told my client to just accept the default answer, which is "no". Ideally, I'd like to remove the option all together.
I assume it's possible to turn it off like it was for "su", but I'm not sure which file to edit. /etc/pam.d/login looks like the closest one, specifically this line:
# pam_selinux.so open should be the last session rule session required pam_selinux.so multiple open
I'm not sure though. Any tips?
Regards,
Ranbir
Kanwar Ranbir Sandhu wrote:
On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
Remove multiple from the pam file.
editing /etc/pam.d/su, changing session required /lib/security/$ISA/pam_selinux.so open multiple to session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su coreutils-5.2.1-31.2
You can actually remove the pam_selinux.so lines from the su file altogether. We have done this for FC5 and it works fine. In strict or MLS Policy you will be required to run newrole but in targeted everything should just work.
I'm seeing the same behaviour with telnetd. I had to install it for a client that runs a text based app which Windows users telnet into (it's only open to the local network, and the app loads immediately after login).
When a user logs in via telnet, the same question appears. I told my client to just accept the default answer, which is "no". Ideally, I'd like to remove the option all together.
I assume it's possible to turn it off like it was for "su", but I'm not sure which file to edit. /etc/pam.d/login looks like the closest one, specifically this line:
# pam_selinux.so open should be the last session rule session required pam_selinux.so multiple open
I'm not sure though. Any tips?
Regards,
Ranbir
Remove multiple for the pam_selinux line.
selinux@lists.fedoraproject.org
-
Daniel J Walsh -
Kanwar Ranbir Sandhu -
Rex Dieter