From: Hongxu Jia <hongxu.jia@windriver.com>
To: <openembedded-devel@lists.openembedded.org>
Subject: [PATCH 0/1] quagga: add pam support for vtysh
Date: Fri, 8 Nov 2013 12:32:12 +0800 [thread overview]
Message-ID: <cover.1383884700.git.hongxu.jia@windriver.com> (raw)
Test Case:
1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
quagga.
2. On target:
1) cat /etc/pam.d/guagga
#
# The PAM configuration file for the quagga `vtysh' service
#
# This allows root to change user infomation without being
# prompted for a password
auth sufficient pam_rootok.so
# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth include common-auth
2) add option debug to pam_rootok.so
auth sufficient pam_rootok.so debug
3) pam_rootok.so
run command vtysh as root, enter qemu0#:
root@qemu0:~# vtysh
Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
qemu0#
log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return success:
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root check succeeded
4) pam_unix.so
the content of common-auth are shown at section "Common configure files"
comment the configure file quagga pam_rootok.so line, because it will make pam return success:
#auth sufficient pam_rootok.so
and modify the pam_unix.so line in common-auth to remove nullok_secure:
auth [success=1 default=ignore] pam_unix.so debug
5) run commands with invalid password:
root@qemu0:~# vtysh
Password:
root@qemu0:~#
log in /var/log/message(or /var/log/auth.log):
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost= user=root
//Hongxu
The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:
dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam
Hongxu Jia (1):
quagga: add pam support for vtysh
meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
meta-networking/recipes-protocols/quagga/quagga.inc | 13 ++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam
--
1.8.1.2
next reply other threads:[~2013-11-08 4:32 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-11-08 4:32 Hongxu Jia [this message]
2013-11-08 4:32 ` [PATCH 1/1] quagga: add pam support for vtysh Hongxu Jia
2013-11-08 5:08 ` Rongqing Li
2013-11-08 8:30 ` Hongxu Jia
2013-11-08 8:34 ` [PATCH 0/1] " Hongxu Jia
2013-11-26 16:23 ` Joe MacDonald
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1383884700.git.hongxu.jia@windriver.com \
--to=hongxu.jia@windriver.com \
--cc=openembedded-devel@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.