• ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
  • ×
    Information
    Windows update impacting certain printer icons and names. Microsoft is working on a solution.
    Click here to learn more
    Information
    Need Windows 11 help?
    Check documents on compatibility, FAQs, upgrade information and available fixes.
    Windows 11 Support Center.
  • post a message
Guidelines
The HP Community is where owners of HP products, like you, volunteer to help each other find solutions.
Locked

‎04-06-2022 02:53 PM

HP Recommended
Operating System: Linux

Hello,

 

I am using HP ZCentral Remote Boost Version 20.1.2.8161 on RHEL 7.9.

 

When an LDAP user (free IPA) with an expired password authenticates (using their expired password) via the HP ZCentral Remote Boost Receiver their session is still created.

 

My original /etc/pam.d/rgsender configuration is as follows:
auth        required    pam_nologin.so

auth        include      system-auth

account  include      password-auth

session  required    pam_permit.so

 

I've tried to adjust PAM settings, but every configuration that I've tried has either resulted in all LDAP users being denied (even if their password is not expired) or users with expired passwords still being able to establish a session.

Tags (1)
4 REPLIES 4

‎04-06-2022 06:23 PM - edited ‎04-06-2022 06:36 PM

HP Recommended

I am checking into your issue.  I have a RHEL 8.2 setup currently but also have a RHEL 7.9 HDD that I can put into my system.  We do have a userfilter.txt file that can be used to deny connections, but you cannot have Easy Login enabled.  Are you using Easy Login?  Are you saying that the Remote Boost connection is made, and the user is not being denied at the desktop login?  

 

Kelly

I am an HP employee.
Was this reply helpful? Yes No

‎04-06-2022 10:08 PM

HP Recommended

Hi Kelly,

 

That's not quite it, no.

 

The issue is that a user with expired credentials in freeIPA is still granted a session when connectibg to rgsender via rgreceiver. I believe the correct behavior is that the user with expired credentials should either fail to log in, or be prompted to change their password.

 

I'm happy to provide more information if you need it.

 

Thanks!

Was this reply helpful? Yes No

‎04-07-2022 08:30 AM

HP Recommended

Would love to get more info so I do the correct reproduction of your issues.  Let me get PM enabled for you so I can reach out for more details.

Kelly

I am an HP employee.
Was this reply helpful? Yes No

‎04-07-2022 08:38 AM

HP Recommended

Sounds good, thank you!

Was this reply helpful? Yes No
Warning
Be alert for scammers posting fake support phone numbers and/or email addresses on the community.
If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.

Didn't find what you were looking for? Ask the community

† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the <a href="https://www8.hp.com/us/en/terms-of-use.html" class="udrlinesmall">Terms of Use</a> and <a href="/t5/custom/page/page-id/hp.rulespage" class="udrlinesmall"> Rules of Participation</a>.