Bug #17787

[deployment][arvados-formula][webshell] centos 7 pam configuration needs to be modified

Added by Javier Bértoli 3 months ago. Updated 2 days ago.

Status:
New
Priority:
Normal
Assigned To:
Category:
Deployment
Target version:
Start date:
Due date:
% Done:

0%

Estimated time:
(Total: 0.00 h)
Story points:
-

Description

Centos' shellinabox pam configuration differs from Debian's and needs to be modified when the webshell role is deployed.

A working configuration for shellinabox is a modified version of /etc/pam.d/login in centos:

#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad] pam_securetty.so
auth [success=1 default=ignore] pam_arvados.so ClusterID.domain shell_node_name.ClusterID.domain
auth       substack     system-auth
auth       include      postlogin
account    required     pam_nologin.so
account    include      system-auth
password   include      system-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
session    optional     pam_console.so
# pam_selinux.so open should only be followed by sessions to be executed in the user context
session    required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      system-auth
session    include      postlogin
-session   optional     pam_ck_connector.so

and a init config file /etc/sysconfig/shellinaboxd

# Shell in a box daemon configuration
# For details see shellinaboxd man page

# Basic options
USER=shellinabox
GROUP=shellinabox
CERTDIR=/var/lib/shellinabox
PORT=4200

OPTS="--disable-ssl --no-beep --service=/shell.ClusterID.domain:AUTH:HOME:SHELL" 

Subtasks

Task #17870: ReviewNewWard Vandewege


Related issues

Blocked by Arvados - Bug #17786: [deployment][webshell][shellinabox] centos 7's shellinabox is not pam-enabledNew

History

#1 Updated by Javier Bértoli 3 months ago

  • Blocked by Bug #17786: [deployment][webshell][shellinabox] centos 7's shellinabox is not pam-enabled added

#2 Updated by Peter Amstutz 3 months ago

  • Assigned To set to Javier Bértoli

#3 Updated by Peter Amstutz 3 months ago

  • Target version changed from 2021-06-23 sprint to 2021-07-07 sprint

#4 Updated by Peter Amstutz 2 months ago

  • Target version changed from 2021-07-07 sprint to 2021-07-21 sprint

#5 Updated by Peter Amstutz about 2 months ago

  • Target version changed from 2021-07-21 sprint to 2021-08-04 sprint

#6 Updated by Peter Amstutz about 1 month ago

  • Target version changed from 2021-08-04 sprint to 2021-08-18 sprint

#7 Updated by Peter Amstutz 30 days ago

  • Target version changed from 2021-08-18 sprint to 2021-09-01 sprint

#8 Updated by Peter Amstutz 16 days ago

  • Target version changed from 2021-09-01 sprint to 2021-09-15 sprint

#9 Updated by Peter Amstutz 2 days ago

  • Target version changed from 2021-09-15 sprint to 2021-09-29 sprint

Also available in: Atom PDF