This article applies to BoKS Manager 7.0.0.


Description


Multiple problems have been found in the BoKS PAM module for X-login sessions:

  1. On some platforms an X-login session can result in a core dump if the PAM variable PAM_TTY is not set.
  2. The BoKS PAM module can fail in extracting the X-display number for remote X-login sessions when the remote peer address is an IPv6 address. This will result in an erroneous X-display number being used in audit logs and bwho command output. It can also affect operation of the BoKS X-lock screen lock.


Resolution / Workaround

To resolve this issue, apply hotfix HFBM-0145, available for download from the HelpSystems Community Portal.

The BoKS PAM module has been updated to fix the above problems for X-login.

Note 1:

There is a known bug in the Linux version of XDM display manager that makes it core dump even with this hotfix applied. The bug is in a PAM callback function in the XDM display manager and a workaround is to define HIDE_LOGIN_MESS=on in $BOKS_etc/ENV on each BoKS Server Agent (X Windows Display Server). The effect of this is that the end-user will not be informed about last login, password expiration date etc. at login. This problem does not apply to GDM/Gnome display manager.


Note 2:

The XDM display manager should not be used if support for remote X-login is enabled on a BoKS Server Agent since the XDM display manager does not include the X-display number in the call arguments when calling PAM, thus it will result in the same problem as mentioned in paragraph 2 above.


Still have questions? We can help. Submit a case to Technical Support.

Last Modified On: May 25, 2018