Change /bin/login?
I want to replace /bin/login with a different login program. In case the new login fails to work and will not let anybody logon, how can I get access to the system and change the /bin/login back to the original one?
I guess there are several options. One that I can think of might be to run sshd and open firewall for incoming ssh request. In case new "/bin/login" will not work, I can ssh into the system as a normal user from network and su as root and change original login back. But if key-based authentication is not set up (no key pairs are generated and placed in right places), will sshd fallback and call "/bin/login" for authentication by using "username" and "password"? Any thoughts and solutions? Thanks a lot! |
Don't log out in one terminal while you test whether you can login on another one.
|
You need to get in there and can't log in?
I'm assuming you're using LILO for booting your system. (If there's someone out there who knows the corresponding instructions for booting with grub, please chime in.) When you first boot, LILO will let you type an initialization string. This is the name of the OS image you wish to boot (many people just use "Linux" for this), followed by a space, followed by the initialization parameter, followed by the <Enter> key. LILO also lets you list the choice(s) you have for operating system image name. Let's say the name of the OS image you wish to boot is Linux. So enter this initialization string: Code:
Linux init=/bin/bash Code:
mount -w -n -o remount / Hope this helps. |
Quote:
|
log in on a different terminal, press ctrl-alt-Fn for a new terminal
|
Thanks a lot! Here's couple more questions about your methods.
Quote:
Quote:
Quote:
Thanks! |
Quote:
I think at least I can do the following test to see if "ssh" can still work with the new /bin/login: - login as a normal user; - run "sshd" and open firewall for "ssh"; - "ssh" in from network and ensure it works; - change /bin/login with the new program file as root; - without log out, "ssh" from network again and see if it works; - if "ssh" still works, it's safe to restart system and test new "/bin/login"; if it does not let me in, "ssh" from network and change "/bin/login" back to the original (BUT of coz need to figure out why the new program won't work and make it work in the end since that's the goal:) ) if "ssh" does not work, it shows "sshd" falls back to "login" for authentication w/ username and passwd. Try the method that wjevans_7d1 suggessted and other methods ... |
I don't think that you understood my suggestion. It was to not log out of one terminal and try to log in on another for the testing. If the test fails, restore the original /bin/login on the original terminal.
I don't see why you want to create your own login program. The login process is integrated with PAM and the shadow suite and can be controlled by editing /etc/security/access.conf. |
Quote:
And as for what the mount commands mean, do this at the command prompt: Quote:
|
Quote:
I'm not very aware of how login process really works, especially how it coperates with PAM, could you please give me some more tutorial on this or indicate some resource or reference? For example, if I want to make KDE login support kerberos as well, I think PAM is the only convenient way to do that (again, I don't know if the authentication part for KDE GUI-based login is really a pluggable program-asking for 'username' and 'password' in login window-or not, but it seems to me it does not rely on /bin/login at all). Words convey knowledges. Thanks a lot! Thank wjevans_7d1 too. |
You might want to read "man 5 pam_krb5" and "man 8 pam_krb5". ( Assuming you have added PAM support ).
They may help you configure PAM to use kerberos5. A number of programs may be built with PAM support but not krb5 support. Configuring PAM could save you a lot of work compared to identifying which programs need to be rebuilt with Kerberos support as well. Redhat or Fedora Core may actually build their packages with libkrb5 support built in and may even offer Kerberos as an authentication source in it's configuration programs. Alternatively, they may install and configure pam_krb5 instead, but in either case, this may handle most of the work for you (including either replacing or configuring the login program). Using "lsof | grep -i pam" will give you an idea of running programs that use libpam. Also, "ldd /sbin/* /usr/sbin/* /opt/kde3/sbin/* /opt/gnome/sbin/*" will list libraries a program loads. You can search for pam and krb. I took a look on my laptop. Kde & gnome binaries tend to be built with PAM support. Amorak was built with built in support for both. Code:
amarokapp: |
All times are GMT -5. The time now is 08:55 AM. |