Host Access Control Is Causing Problems Within Exadata Systems.
(Doc ID 2474247.1)
Last updated on JANUARY 30, 2020
Applies to:
Exadata X6-2 Hardware - Version All Versions and laterInformation in this document applies to any platform.
Symptoms
Make a change to the /etc/pam.d/system-auth and /etc/pam.d/password-auth files. This change is not liked by the host_access-control module at all.
The default line is below:
password requisite pam_passwdqc.so min=5,5,5,5,5 similar=deny
enforce=everyone max=40
Comment this line out and add the line below:
password required pam_cracklib.so debug retry=3 difok=5 minlen=12
dcredit=-1 ucredit=-2 lcredit=-2 ocredit=-2 minclass=4 maxrepeat=2
maxsequence=4 reject_username
So the 2 *-auth files look like this below:
password required pam_cracklib.so debug retry=3 difok=5 minlen=12
dcredit=-1 ucredit=-2 lcredit=-2 ocredit=-2 minclass=4 maxrepeat=2
maxsequence=4 reject_username
#password requisite pam_passwdqc.so min=5,5,5,5,5 similar=deny
enforce=everyone max=40
password sufficient pam_unix.so debug audit try_first_pass use_authtok sha512 shadow remember=10
password required pam_deny.so
Running the host_acces_control module creates an error.
#####dm01[root] /etc/pam.d # /opt/oracle.cellos/host_access_control get-runtime
[2018-08-29 09:25:56 -0400] [ERROR] [IMG-SEC-0A11] Unable to complete requested action.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |