Re: [oe] [PATCH 0/1] quagga: add pam support for vtysh

Fri, 08 Nov 2013 00:35:07 -0800 

On 11/08/2013 12:32 PM, Hongxu Jia wrote:

Test Case:
1. Add DISTRO_FEATURES += 'pam' to local.conf and build image with
    quagga.

2. On target:
1) cat /etc/pam.d/guagga


s/guagga/quagga/

//Hongxu


#
# The PAM configuration file for the quagga `vtysh' service
#

# This allows root to change user infomation without being
# prompted for a password
auth            sufficient      pam_rootok.so

# The standard Unix authentication modules, used with
# NIS (man nsswitch) as well as normal /etc/passwd and
# /etc/shadow entries.
auth       include      common-auth

2) add option debug to pam_rootok.so
  auth      sufficient  pam_rootok.so debug

3) pam_rootok.so
run command vtysh as root, enter qemu0#:
root@qemu0:~# vtysh

Hello, this is Quagga (version 0.99.21).
Copyright 1996-2005 Kunihiro Ishiguro, et al.

qemu0#
log info in /var/log/message(or /var/log/auth.log) shows pam_rootok.so return 
success:
2013-11-08T03:33:44.898360+00:00 qemu0 vtysh: pam_rootok(quagga:auth): root 
check succeeded

4) pam_unix.so
the content of common-auth are shown at section "Common configure files"
comment the configure file quagga pam_rootok.so line, because it will make pam 
return success:
  #auth         sufficient      pam_rootok.so
and modify the pam_unix.so line in common-auth to remove nullok_secure:
  auth  [success=1 default=ignore]      pam_unix.so debug

5) run commands with invalid password:
root@qemu0:~# vtysh
Password:
root@qemu0:~#
log in /var/log/message(or /var/log/auth.log):
2013-11-08T04:20:49.418763+00:00 qemu0 vtysh: pam_unix(quagga:auth): 
authentication failure; logname=root uid=0 euid=0 tty= ruser= rhost=  user=root

//Hongxu


The following changes since commit ffb5434823195cbdc41c76a110eaa6ae04e2b010:

   dnsmasq: uprev to 2.6.3 (2013-11-06 15:12:45 -0500)

are available in the git repository at:

   git://git.pokylinux.org/poky-contrib hongxu/fix-quagga-pam
   http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=hongxu/fix-quagga-pam

Hongxu Jia (1):
   quagga: add pam support for vtysh

  meta-networking/recipes-protocols/quagga/files/quagga.pam | 13 +++++++++++++
  meta-networking/recipes-protocols/quagga/quagga.inc       | 13 ++++++++++++-
  2 files changed, 25 insertions(+), 1 deletion(-)
  create mode 100644 meta-networking/recipes-protocols/quagga/files/quagga.pam



_______________________________________________
Openembedded-devel mailing list
[email protected]
http://lists.openembedded.org/mailman/listinfo/openembedded-devel

Reply via email to