From b2d49f178cc69c580039c5fb058f6eba4a542b1f Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Thu, 29 May 2008 22:53:54 -0700
Subject: Allow any user in quagga group to run vtysh Fix the PAM setup file.
---
debian/vyatta-quagga.pam | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/debian/vyatta-quagga.pam b/debian/vyatta-quagga.pam
index 093e1729..0da44ecb 100644
--- a/debian/vyatta-quagga.pam
+++ b/debian/vyatta-quagga.pam
@@ -1,3 +1,6 @@
+# This allows root to do vtysh without passwords
+auth sufficient pam_rootok.so
+
 # Any user may call vtysh but only those belonging to the group quaggavty can
 # actually connect to the socket and use the program.
-auth sufficient pam_permit.so
+auth sufficient pam_wheel.so quaggavty
--
cgit v1.2.3
From 2eb541b4cc64ff0d14c57f550cf85a3f07f31b40 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Wed, 4 Jun 2008 10:05:45 -0700
Subject: Fix vtysh authorization The PAM system is asking for quagga (not vyatta-quagga) so need to change the name of the pam file. Make sure file is setup to allow users in quaggavty group to access vtysh without password.
---
debian/quagga.pam | 5 +++++
debian/vyatta-quagga.pam | 6 ------
2 files changed, 5 insertions(+), 6 deletions(-)
create mode 100644 debian/quagga.pam
delete mode 100644 debian/vyatta-quagga.pam
diff --git a/debian/quagga.pam b/debian/quagga.pam
new file mode 100644
index 00000000..6dd5d474
--- /dev/null
+++ b/debian/quagga.pam
@@ -0,0 +1,5 @@
+# This allows root to do vtysh without passwords
+auth sufficient pam_rootok.so
+
+# Only users in group quaggavty can run vtysh
+auth required pam_wheel.so trust group=quaggavty
diff --git a/debian/vyatta-quagga.pam b/debian/vyatta-quagga.pam
deleted file mode 100644
index 0da44ecb..00000000
--- a/debian/vyatta-quagga.pam
+++ /dev/null
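Review bot: The bare `quaggavty` on the new `pam_wheel.so` line of debian/vyatta-quagga.pam is not a pam_wheel option; the group is named with `group=quaggavty`, so as written the module would fall back to its default wheel group instead of checking quaggavty. Without `trust`, membership also does not produce a success result, so this `sufficient` line likely cannot authenticate a non-root member and the stack ends with no passing module. The two comment lines kept as context still describe the removed `pam_permit.so` behaviour ("Any user may call vtysh") and should be rewritten to match the new rule, e.g. `# Only members of group quaggavty may run vtysh`.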
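Review bot: With `trust`, the `pam_wheel.so` line in debian/quagga.pam makes membership in quaggavty a successful authentication by itself, so the group is effectively a passwordless credential for vtysh, and the comment above it should say so rather than only "can run vtysh". pam_wheel without `use_uid` decides membership from the session's login name rather than the real uid of the calling process, and the two can differ after su or when there is no controlling terminal; consider `auth required pam_wheel.so trust use_uid group=quaggavty` if the real uid is the identity that should be checked. A comment such as `# Members of quaggavty get vtysh with no password prompt; treat group membership as admin access` would document the intent. The same five lines are added again as debian/vyatta-quagga.quagga.pam in the last commit on this page.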
@@ -1,6 +0,0 @@
-# This allows root to do vtysh without passwords
-auth sufficient pam_rootok.so
-
-# Any user may call vtysh but only those belonging to the group quaggavty can
-# actually connect to the socket and use the program.
-auth sufficient pam_wheel.so quaggavty
--
cgit v1.2.3
From 7d4f6603c5e333917ec70986f32ef0661cce318a Mon Sep 17 00:00:00 2001
From: Stephen Hemminger
Date: Thu, 5 Jun 2008 09:57:49 -0700
Subject: Workaround for package rename vs pam problem vtysh uses PACKAG_NAME in PAM therfore expects /etc/pam.d/quagga.pam. But dh_installpam only handles package.pam normally, so use option to install other file.
---
debian/quagga.pam | 5 -----
debian/rules | 2 +-
debian/vyatta-quagga.quagga.pam | 5 +++++
3 files changed, 6 insertions(+), 6 deletions(-)
delete mode 100644 debian/quagga.pam
create mode 100644 debian/vyatta-quagga.quagga.pam
diff --git a/debian/quagga.pam b/debian/quagga.pam
deleted file mode 100644
index 6dd5d474..00000000
--- a/debian/quagga.pam
+++ /dev/null
@@ -1,5 +0,0 @@
-# This allows root to do vtysh without passwords
-auth sufficient pam_rootok.so
-
-# Only users in group quaggavty can run vtysh
-auth required pam_wheel.so trust group=quaggavty
diff --git a/debian/rules b/debian/rules
index f5f7e932..c5b8cae4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -126,7 +126,7 @@ binary-arch: build install dh_installdocs dh_installexamples dh_installinit - dh_installpam + dh_installpam --name=quagga dh_installlogrotate dh_strip
diff --git a/debian/vyatta-quagga.quagga.pam b/debian/vyatta-quagga.quagga.pam
new file mode 100644
index 00000000..6dd5d474
--- /dev/null
+++ b/debian/vyatta-quagga.quagga.pam
@@ -0,0 +1,5 @@
+# This allows root to do vtysh without passwords
+auth sufficient pam_rootok.so
+
+# Only users in group quaggavty can run vtysh
+auth required pam_wheel.so trust group=quaggavty
--
cgit v1.2.3
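Review bot: The `--name=quagga` switch added to `dh_installpam` in debian/rules carries no comment explaining why the PAM file is installed under a name that differs from the package, and that coupling is easy to break on the next rename. If the service name vtysh passes to PAM and the installed file name diverge again, PAM would normally fall back to the `other` service policy, so vtysh authorization would silently depend on whatever that file contains. A comment above the call would record the dependency, e.g. `# vtysh opens PAM service "quagga" (PACKAGE_NAME); install debian/vyatta-quagga.quagga.pam under that name`. The binary-arch recipe starts and ends outside the hunk.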