Re: First Attempt at root login on console always FAILS ??

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel J Walsh <dwalsh@redhat.com>
To: Hasan Rezaul-CHR010 <CHR010@motorola.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>, SE Linux <selinux@tycho.nsa.gov>
Subject: Re: First Attempt at root login on console always FAILS ??
Date: Mon, 17 Mar 2008 10:02:45 -0400	[thread overview]
Message-ID: <47DE7A05.2010105@redhat.com> (raw)
In-Reply-To: <D06FE0A2807BC145B0D38744789D4F5D0472B132@de01exm68.ds.mot.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hasan Rezaul-CHR010 wrote:
> Hi All,
> 
> I am getting an irritating problem on my Linux card (running selinux in
> permissive mode), that I didn't use to see before, and am not sure whats
> causing it :
> 
> When I reset my Linux Card, once it boots up, and I get the login
> prompt, my first attempt at logging in as root on the console, ALWAYS
> fails ! My second attempt and afterwards ALWAYS succeeds !
> 
> unknown host login: root
> password: root
> Login Failure
> unknown host login: root
> Password: root
> root@unknown host#
> 
> 
> 
> This didn't used to happen before, and I am not sure what's causing it.
> I do know that if I disable selinux, the problem goes away !  I am
> guessing the problem is somewhere in between PAM and SELinux. Any
> suggestions on what may be causing it ?  I have versions:
> 
> checkpolicy     1.34.1
> libselinux         1.34.7
> libsemanage     1.10.3
> libsepol            1.16.1
> policycoreutils  1.34.6
> 
> 
> Contents of  /etc/pam.d/login file
> ------------------------------------------------
> 
> # Begin /etc/pam.d/login
> auth        required       pam_tally.so onerr=fail deny=3
> unlock_time=300
> auth        requisite      pam_securetty.so
> auth        requisite      pam_nologin.so
> auth        required       pam_env.so
> auth        required       pam_unix.so
> account     required       pam_tally.so onerr=fail
> account     required       pam_access.so
> account     required       pam_unix.so
> # pam_selinux.so close should be the first session rule
> session     required       pam_selinux.so close
> session     required       pam_loginuid.so
> session     required       pam_motd.so
> session     required       pam_limits.so
> session     optional       pam_mail.so     dir=/var/mail standard
> session     optional       pam_lastlog.so
> session     required       pam_unix.so
> # pam_selinux.so open should only be followed by sessions to be executed
> in the
> user context
> session     required       pam_selinux.so open
> # End /etc/pam.d/login
> 
I would doubt this has anything to do with SELinux, especially when you
are in permissive mode.  Does /var/log/secure show you anything?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkfeegUACgkQrlYvE4MpobMriACdGK3iBx7qnKdM8m1ilfMo09Dm
cxgAn2oTzMMGj3U7iqv6kKLmiqABFzFA
=rBSn
-----END PGP SIGNATURE-----

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.

next prev parent reply	other threads:[~2008-03-17 14:02 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-03-13 22:55 libselinux/matchpathcon has a memory leak Daniel J Walsh
2008-03-13 23:24 ` Eamon Walsh
2008-03-13 23:51   ` Daniel J Walsh
2008-03-14  3:53   ` Joshua Brindle
2008-03-14 13:20   ` Stephen Smalley
2008-03-13 23:28 ` Daniel J Walsh
2008-03-13 23:42   ` Daniel J Walsh
2008-03-14 13:36     ` Stephen Smalley
2008-03-14 15:31       ` Daniel J Walsh
2008-03-14 19:27         ` Eamon Walsh
2008-03-14 20:05           ` Stephen Smalley
2008-03-14 22:15             ` First Attempt at root login on console always FAILS ?? Hasan Rezaul-CHR010
2008-03-17 12:22               ` Stephen Smalley
2008-03-17 22:09                 ` Hasan Rezaul-CHR010
2008-03-18 12:13                   ` Daniel J Walsh
2008-03-18 13:56                   ` Stephen Smalley
2008-03-17 14:02               ` Daniel J Walsh [this message]
2008-04-18 14:31           ` libselinux/matchpathcon has a memory leak Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=47DE7A05.2010105@redhat.com \
    --to=dwalsh@redhat.com \
    --cc=CHR010@motorola.com \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.