Kanwar Ranbir Sandhu wrote:
On Wed, 2006-25-01 at 12:06 -0500, Daniel J Walsh wrote:
Remove multiple from the pam file.
editing /etc/pam.d/su, changing
session required /lib/security/$ISA/pam_selinux.so open multiple
to
session required /lib/security/$ISA/pam_selinux.so open
Did the trick, thanks Dan!
# rpm -q -f /etc/pam.d/su
coreutils-5.2.1-31.2
You can actually remove the pam_selinux.so lines from the su file
altogether. We have done this for FC5 and it works
fine. In strict or MLS Policy you will be required to run newrole but
in targeted everything should just work.
I'm seeing the same behaviour with telnetd. I had to install it for a
client that runs a text based app which Windows users telnet into (it's
only open to the local network, and the app loads immediately after
login).
When a user logs in via telnet, the same question appears. I told my
client to just accept the default answer, which is "no". Ideally, I'd
like to remove the option all together.
I assume it's possible to turn it off like it was for "su", but I'm not
sure which file to edit. /etc/pam.d/login looks like the closest one,
specifically this line:
# pam_selinux.so open should be the last session rule
session required pam_selinux.so multiple open
I'm not sure though. Any tips?
Regards,
Ranbir
Remove multiple for the pam_selinux line.
--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
