Re: [SOLVED?] PAM_shield locking me out?




On Sat, 28 Aug 2010, A. Kirillov wrote:

>> And that's about the only hint on how and where to enable pam_shield.
>> I've tried to add this line to /etc/pam.d/sshd too.
>> Fortunately it didn't crash anything but it didn't work either.
>
> Here's the story for those interested. With the default of
>
> allow_missing_dns no
> allow_missing_reverse no
>
> pam_shield DOESN'T BLOCK hosts with no or incomplete dns entries,
> which is a surprise. Should I say a big one? The reason it didn't work
> for me was that bind wasn't adding reverse maps for my local hosts
> because of screwed up zone file permissions.
>
> On a side note, when testing pam_shield with a recommended
> retention period of 60 secs you have to run /etc/cron.daily/pam-shield
> manually to release expired locks.

Welcome to the wonderful world of Open Source !

If you want to make a difference here, please talk to the upstream 
developers, rather than to this list.

Now, since I use pam_shield myself I have reported both problems (segfault 
of su and login when configuring in /etc/pam.d/system-auth, and the 
above). I haven't tested both, so any feedback or testcase to replicate 
the problem are welcomed by the upstream developers (does not include me).

We also discussed some other improvements:

  - using AUTHPRIV instead of AUTH for logging
  - including shield-trigger-iptables
  - Fixes to Makefile
  - Including manual pages
  - Fixes to INSTALL
  - Both registered bugs

Kind regards,
-- 
--   dag wieers,  dag@xxxxxxxxxx,  http://dag.wieers.com/   --
[Any errors in spelling, tact or fact are transmission errors]
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
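
Added example, not part of the original thread and not pam_shield code: a small audit that lists which addresses have "no or incomplete dns entries" in the sense of the quoted message, so hosts affected by a missing reverse map can be found before relying on pam_shield. The status labels, the function names and the sample addresses are assumptions made for this example, and the script does not reproduce pam_shield's own lookup logic.

```python
import socket

def _reverse(ip):
    """PTR lookup via the system resolver; None when no reverse entry exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def _forward(name):
    """A/AAAA lookup via the system resolver; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None)}
    except socket.gaierror:
        return set()

def dns_status(ip, reverse=_reverse, forward=_forward):
    """Classify ip as 'complete', 'missing_reverse', 'missing_dns' or 'mismatch'."""
    name = reverse(ip)
    if name is None:
        return "missing_reverse"      # no PTR record, e.g. reverse zone not loaded
    addrs = forward(name)
    if not addrs:
        return "missing_dns"          # PTR exists but the name has no forward record
    return "complete" if ip in addrs else "mismatch"

def audit(ips, reverse=_reverse, forward=_forward):
    """Return {ip: status} for every address whose DNS entries are not complete."""
    result = {}
    for ip in ips:
        status = dns_status(ip, reverse, forward)
        if status != "complete":
            result[ip] = status
    return result

# Constructed sample data (documentation address range), standing in for a real zone.
SAMPLE_PTR = {"192.0.2.10": "web.example.test", "192.0.2.11": "db.example.test",
              "192.0.2.13": "old.example.test"}
SAMPLE_A = {"web.example.test": {"192.0.2.10"}, "old.example.test": {"192.0.2.99"}}

def sample_audit():
    """Run the audit offline against the constructed records above."""
    return audit(["192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.13"],
                 reverse=SAMPLE_PTR.get,
                 forward=lambda name: SAMPLE_A.get(name, set()))

if __name__ == "__main__":
    for ip, status in sample_audit().items():
        print(ip, status)
```

Calling audit() with only a list of addresses uses the system resolver, so run it on the host where pam_shield is configured to see the same DNS view.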