You're absolutely right. On Debian in /etc/pam.d/common-auth we have:
# here are the per-package modules (the "Primary" block)
auth [success=2 default=ignore] pam_unix.so nullok
auth [success=1 default=ignore] pam_sss.so use_first_pass
# here's the fallback if no module succeeds
On Mon, 13 Dec 2021, Alexander Bokovoy via FreeIPA-users wrote:
On Mon, 13 Dec 2021, GAURAV Pande via FreeIPA-users wrote:
below rpm is installed as a dependency for FreeIPA server install version
4.6.8 on Oracle Linux 7.
log4j-1.2.17-16.el7_4.noarch.rpm
can this be confirmed that it
On Mon, Dec 13, 2021 at 01:34:12PM -, Sam Morris via FreeIPA-users wrote:
> I enabled OTP for my user. On RHEL and Fedora systems, I get the
> expected interactive 'first factor' followed by 'second factor'
> prompts which work fine.
>
> On a Debian system, PAM still only gives me the single
On Sun, 12 Dec 2021, Steven Jones via FreeIPA-users wrote:
No help off Dell/EMC, they have no idea.
No help off Red Hat despite initial promises some years ago when we
looked at IPA/IdM.
Now setting up a "proper" MIT Kerberos Realm, if RH won't engage with
vendors as promised to us it's rather
On Mon, 13 Dec 2021, Markus Krause via FreeIPA-users wrote:
We have scanned our FreeIPA instances and it seems that somehow in PKI
functionality tomcat is being used, which in turn uses log4j.
Does this have an impact?
See my response to the other thread (really, why should we have so many
On Mon, 13 Dec 2021, GAURAV Pande via FreeIPA-users wrote:
below rpm is installed as a dependency for FreeIPA server install version
4.6.8 on Oracle Linux 7.
log4j-1.2.17-16.el7_4.noarch.rpm
can this be confirmed that it doesn't have any impact on the same ?
I don't use Oracle Linux 7.
Sam Morris via FreeIPA-users wrote:
>> Why is 'sudo -i' an own service at all? Why isn't this covered by the
>> 'sudo' service?
>
> There are situations where you want some PAM modules to run only for
> 'interactive' sessions. On Debian, /etc/pam.d/sudo contains
>
> Why is 'sudo -i' an own service at all? Why isn't this covered by the 'sudo'
> service?
There are situations where you want some PAM modules to run only for
'interactive' sessions. On Debian, /etc/pam.d/sudo contains
"@common-session-noninteractive".
To see what practical difference this
We have scanned our FreeIPA instances and it seems that somehow in PKI
functionality tomcat is being used, which in turn uses log4j.
Does this have an impact?
~]# find / -name \*log4j\*
/etc/tomcat/log4j.properties
No help off Dell/EMC, they have no idea.
No help off Red Hat despite initial promises some years ago when we looked at
IPA/IdM.
Now setting up a "proper" MIT Kerberos Realm, if RH won't engage with vendors as
promised to us it's rather self-defeating with an "AD" nothing can talk to.
regards
I enabled OTP for my user. On RHEL and Fedora systems, I get the expected
interactive 'first factor' followed by 'second factor' prompts which work fine.
On a Debian system, PAM still only gives me the single 'Password:' prompt and I
have to enter the password + OTP at the same time.
I'm not
below rpm is installed as a dependency for FreeIPA server install version
4.6.8 on Oracle Linux 7.
log4j-1.2.17-16.el7_4.noarch.rpm
can this be confirmed that it doesn't have any impact on the same ?
In order to run 'sudo -i' on RHEL-based Distros we are used to allow
this particular service via a HBAC rule. A colleague of mine found out
that this is not required on Ubuntu 20.04.3 LTS. It seems that the
'sudo' service is sufficient on Ubuntu systems to run 'sudo -i'.
So... here's my
Hi,
https://access.redhat.com/errata/RHSA-2021:5082 was published this
morning for RHEL 8.5.z as a security update to fix a number of issues in
Samba.
PLEASE DO NOT UPGRADE RHEL IdM SERVERS YET!
This erratum will need to be installed together with a related erratum
for RHEL IdM which is not