[opensuse] Permissions on the password database may be too restrictive
I've seen mention of this problem on the list previously, but no solutions that work for me... My setup: - A SuSE Linux 9.3 OpenLDAP server - A number of OpenSUSE 10.2 machines, with a very limited number of local accounts, that authenticate against the aforementioned OpenLDAP server. - A couple of SuSE Linux 9.3 client machines, with a limited number of local accounts, authenticating against the aforementioned OpenLDAP server. When logging into the OpenSUSE 10.2 machines, _some_ LDAP users are denied access with the message "Permissions on the password database may be too restrictive". Some LDAP users, however, are able to log in without a problem. I have not found a consistent distinction between the users who are allowed in, and the ones who aren't. When logging into the OpenSUSE 10.2 machines, non-root local users are denied access with the same message. However, if I change the password for the user (as root, by doing `passwd <user>`), they are given access a minute or two later. Note that there is a time lag before access is opened up. When logging into the SuSE Linux 9.3 machines, all users -- local and LDAP -- are able to log in fine. Anyone have thoughts/suggestions as to places that I might start looking. My log files are showing me absolutely nothing (which I consider something of a problem in and of itself, but...) Thanks! - Ian -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----Original Message----- From: Marlier, Ian [mailto:ian.marlier@studentuniverse.com] Sent: Monday, March 26, 2007 3:57 PM To: opensuse@opensuse.org Subject: [opensuse] Permissions on the password database may be too restrictive
I've seen mention of this problem on the list previously, but no solutions that work for me...
My setup: - A SuSE Linux 9.3 OpenLDAP server - A number of OpenSUSE 10.2 machines, with a very limited number of local accounts, that authenticate against the aforementioned OpenLDAP server. - A couple of SuSE Linux 9.3 client machines, with a limited number of local accounts, authenticating against the aforementioned OpenLDAP server.
When logging into the OpenSUSE 10.2 machines, _some_ LDAP users are denied access with the message "Permissions on the password database may be too restrictive". Some LDAP users, however, are able to log in without a problem. I have not found a consistent distinction between the users who are allowed in, and the ones who aren't.
When logging into the OpenSUSE 10.2 machines, non-root local users are denied access with the same message. However, if I change the password for the user (as root, by doing `passwd <user>`), they are given access a minute or two later. Note that there is a time lag before access is opened up.
When logging into the SuSE Linux 9.3 machines, all users -- local and LDAP -- are able to log in fine.
Anyone have thoughts/suggestions as to places that I might start looking. My log files are showing me absolutely nothing (which I consider something of a problem in and of itself, but...)
Additionally, disabling apparmor entirely has no effect on this behavior. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-26 at 15:57 -0400, Marlier, Ian wrote:
I've seen mention of this problem on the list previously, but no solutions that work for me...
In my case, I had inadvertently set security to paranoid. Otherwise, google... there a lot of appearances. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFGCGtStTMYHG2NR9URAmm/AJwJb6RDV52+infcM4ZiS3Pb8qxwxQCfceur XfFcX4uMWWRY28ZSHOxiqcw= =bkUn -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----Original Message----- From: Carlos E. R. [mailto:robin.listas@telefonica.net] Sent: Monday, March 26, 2007 8:55 PM To: OS-en Subject: Re: [opensuse] Permissions on the password database may be too restrictive
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2007-03-26 at 15:57 -0400, Marlier, Ian wrote:
I've seen mention of this problem on the list previously, but no solutions that work for me...
In my case, I had inadvertently set security to paranoid.
Otherwise, google... there a lot of appearances.
Oh, believe me...I've Googled. None of the things that I found helped or were relevant, which is why I posted... Security level is set to "easy local" on all of the servers that are having problems. (That and apparmor are the two things that people cited in the Google results I found.) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tue, 27 Mar 2007 10:17:57 -0400
"Marlier, Ian"
-----Original Message----- From: Carlos E. R. [mailto:robin.listas@telefonica.net] Sent: Monday, March 26, 2007 8:55 PM To: OS-en Subject: Re: [opensuse] Permissions on the password database may be too restrictive
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Monday 2007-03-26 at 15:57 -0400, Marlier, Ian wrote:
I've seen mention of this problem on the list previously, but no solutions that work for me...
In my case, I had inadvertently set security to paranoid.
Otherwise, google... there a lot of appearances.
Oh, believe me...I've Googled. None of the things that I found helped or were relevant, which is why I posted...
Security level is set to "easy local" on all of the servers that are having problems. (That and apparmor are the two things that people cited in the Google results I found.)
Did you ever find an answer to this? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (3)
-
Carlos E. R.
-
Marlier, Ian
-
Trey Sizemore