Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Login: auth mechanism has no effect [SOLVED]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
dacoool
n00b
n00b


Joined: 06 Oct 2003
Posts: 73
PostPosted: Mon Apr 20, 2009 12:24 pm    Post subject: Login: auth mechanism has no effect [SOLVED] Reply with quote
Hi people,

i've installed gentoo some days ago.
Last night i changed a user-password, rebooted the system and logged in with the old login-data. That was the point, i recognized there went something wrong.
Now i can log into my box using a real username and "ANY" password will be accepted!!!

This is the bigges security hole i've ever seen!!!

Need help!


(gentoo current version, amd64 on Core2Duo)
_________________
just me....

Last edited by dacoool on Sat Apr 25, 2009 5:21 am; edited 1 time in total
Back to top
View user's profile Send private message
aceFruchtsaft
Guru
Guru


Joined: 16 May 2004
Posts: 438
Location: Vienna, Austria
PostPosted: Thu Apr 23, 2009 8:23 pm    Post subject: Reply with quote
If you want help, you will need to provide some information. For starters, post the contents of /etc/pam.d/login and /etc/pam.d/system-auth.
Back to top
View user's profile Send private message
dacoool
n00b
n00b


Joined: 06 Oct 2003
Posts: 73
PostPosted: Sat Apr 25, 2009 4:57 am    Post subject: Reply with quote
Okay, while looking into those files, i saw "thinkfinger.so" added by myself, cause have a fingerprintreader on my thinkpad.

here it is:
Code:
cat /etc/pam.d/login
#%PAM-1.0

auth       required     pam_securetty.so
auth       required     pam_tally.so file=/var/log/faillog onerr=succeed
auth       required     pam_shells.so
auth       required     pam_nologin.so
auth       include      system-auth

account    required     pam_access.so
account    include      system-auth
account    required     pam_tally.so file=/var/log/faillog onerr=succeed

password   include      system-auth

session    required     pam_env.so
session    optional     pam_lastlog.so
session    optional     pam_motd.so motd=/etc/motd
session    optional     pam_mail.so

session    include      system-auth


Code:
cat /etc/pam.d/system-auth
auth            required        pam_env.so
auth            sufficient      pam_thinkfinger.so
auth            sufficient      pam_unix.so try_first_pass likeauth nullok

account         required        pam_unix.so

password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3
password        required        pam_unix.so try_first_pass use_authtok nullok sha512 shadow

session         required        pam_limits.so
session         required        pam_env.so
session         required        pam_unix.so
session         optional        pam_permit.so



now i'll try without thinkfinger.so, but that's no solution! i want thinkfinger to work!

thanks
_________________
just me....
Back to top
View user's profile Send private message
dacoool
n00b
n00b


Joined: 06 Oct 2003
Posts: 73
PostPosted: Sat Apr 25, 2009 5:21 am    Post subject: [solved] Reply with quote
found the solution:
here
_________________
just me....
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy