[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: a few problems since upgrading to potato

Package: login
Severity: important

Just confirmed both your problems, and I'm filing them as important bugs
on the login and PAM packages. Thanks for the feedback.

On Mon, Apr 03, 2000 at 02:59:02AM +0000, Jim Breton wrote:
> I just upgraded my box from slink to potato over the weekend.
> Everything went well for the most part, but I have a few small problems
> that I haven't yet been able to figure out.  Here they are, any help
> would be appreciated:
> 1) In slink I had restricted tty1 logins to members of group root by
> using the following entry in /etc/login.access:
> -:ALL EXCEPT root:tty1
> With potato, I have tried to set up the same feature via the following
> lines in /etc/pam.d/login:
> account  required       pam_access.so
> and in /etc/security/access.conf:
> -:ALL EXCEPT root:tty1
> However, when I test this with a user who is not in group root, he can
> log in fine.  Is there something I am missing?  How can I get this
> functionality back?

Basically it looks like tty matching is broken. If you change tty1 to
ALL, it works (not for the tty1, but for everything). Can you also test
host mathing to see if that works at all? This is a problem in the
pam_access.so module itself.

> 3) I have the following line in /etc/login.defs:
> SULOG_FILE      /var/log/sulog
> This used to work fine in slink; in potato however, the logs are still
> written to that file but they are trashed.  Here's an example:
> SU 04/02 22:10 + tty2 jimb-äÀu
> SU 04/02 22:20 + ttyp7 jimb-äÀ{

Looks like a non-terminated string pointer. Should be easy to find/fix.

/  Ben Collins  --  ...on that fantastic voyage...  --  Debian GNU/Linux   \
`     bcollins@debian.org  --  bcollins@openldap.org  --  bmc@visi.net     '

Reply to: