pam_cap

[Paweł Lęcznar]

witam, czy działa komuś poprawnie moduł capabilities do pam'a? u mnie 
jest tak

[root w th ~]# rpm -qa pam*
pam-1.1.3-2.x86_64
pam-libs-1.1.3-2.x86_64
pam-pam_cap-2.20-1.x86_64

[root w th ~]# rpm -qa libcap*
libcap-devel-2.20-1.x86_64
libcap-ng-0.6.4-2.x86_64
libcap-ng-utils-0.6.4-2.x86_64
libcap-2.20-1.x86_64
libcap-libs-2.20-1.x86_64

[root w th ~]# grep -v ^# /etc/security/capability.conf | grep .
cap_sys_admin pawel
none *

[root w th ~]# grep -v ^# /etc/pam.d/system-auth | grep .
auth            required        pam_listfile.so item=user sense=deny 
file=/etc/security/blacklist onerr=succeed
auth            required        pam_env.so*
auth            required        pam_cap.so*
auth            required        pam_tally.so deny=0 
file=/var/log/faillog onerr=succeed
auth            required        pam_unix.so try_first_pass
account         required        pam_tally.so file=/var/log/faillog 
onerr=succeed
account         required        pam_time.so
account         required        pam_unix.so
password        required        pam_cracklib.so try_first_pass difok=2 
minlen=8 dcredit=2 ocredit=2 retry=3
password        required        pam_unix.so try_first_pass sha512 shadow 
use_authtok
password        required        pam_exec.so failok seteuid /usr/bin/make 
-C /var/db
session         optional        pam_keyinit.so revoke
session         required        pam_limits.so change_uid
session         [success=1 default=ignore]      pam_succeed_if.so 
service in crond quiet use_uid
session         required        pam_unix.so


samo zalogowanie się na dowolne konto kończy się tak:

[pawel w th ~]$ su -l pawel
Hasło:
Naruszenie ochrony pamięci
[pawel w th ~]$ su -
Hasło:
Naruszenie ochrony pamięci
[pawel w th ~]$


ktoś coś wie co jest popsute? pozdrawiam