su, context(selinux?) 2nd prompt
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 30 19:35:00 UTC 2006
Kanwar Ranbir Sandhu wrote:
> On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
>
>>>> Remove multiple from the pam file.
>>>>
>>>>
>>> editing /etc/pam.d/su, changing
>>> session required /lib/security/$ISA/pam_selinux.so open multiple
>>> to
>>> session required /lib/security/$ISA/pam_selinux.so open
>>>
>>> Did the trick, thanks Dan!
>>>
>>> # rpm -q -f /etc/pam.d/su
>>> coreutils-5.2.1-31.2
>>>
>>>
>>>
>> You can actually remove the pam_selinux.so lines from the su file
>> altogether. We have done this for FC5 and it works
>> fine. In strict or MLS Policy you will be required to run newrole but
>> in targeted everything should just work.
>>
>
> I'm seeing the same behaviour with telnetd. I had to install it for a
> client that runs a text based app which Windows users telnet into (it's
> only open to the local network, and the app loads immediately after
> login).
>
> When a user logs in via telnet, the same question appears. I told my
> client to just accept the default answer, which is "no". Ideally, I'd
> like to remove the option all together.
>
> I assume it's possible to turn it off like it was for "su", but I'm not
> sure which file to edit. /etc/pam.d/login looks like the closest one,
> specifically this line:
>
> # pam_selinux.so open should be the last session rule
> session required pam_selinux.so multiple open
>
> I'm not sure though. Any tips?
>
> Regards,
>
> Ranbir
>
>
Remove multiple for the pam_selinux line.
More information about the selinux
mailing list