Skip to content

Commit

Permalink
pam: declare root as sufficient frr pam account
Browse files Browse the repository at this point in the history 
#11465 enabled account verification,
but the pam config declares rootok as sufficient in authentication only
and not in account verification, what causes warning in the log:

vtysh[3747]: pam_warn(frr:account): function=[pam_sm_acct_mgmt]
             flags=0 service=[frr] terminal=[<unknown>] user=[root]
	     ruser=[<unknown>] rhost=[<unknown>]

Signed-off-by: Marius Tomaschewski <[email protected]>
  • Loading branch information
@mtomaschewski
mtomaschewski committed Nov 11, 2022
1 parent 744de7c commit 6031b8a
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 0 deletions.
1 change: 1 addition & 0 deletions debian/frr.pam
View file
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
# Any user may call vtysh but only those belonging to the group frrvty can
# actually connect to the socket and use the program.
auth sufficient pam_permit.so
account sufficient pam_rootok.so
1 change: 1 addition & 0 deletions redhat/frr.pam
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
# Only allow root (and possibly wheel) to use this because enable access
# is unrestricted.
auth sufficient pam_rootok.so
account sufficient pam_rootok.so

# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth sufficient pam_wheel.so trust use_uid
Expand Down

0 comments on commit 6031b8a

Please sign in to comment.