cancel
Showing results for 
Search instead for 
Did you mean: 
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
  • ×
    Information
    Need Windows 11 help?
    Check documents and videos on compatibility, FAQs, upgrade information and available fixes.Windows 11 Support Center.
  • post a message
Natolio
New member
3 2 0 0
Message 1 of 5
629
Flag Post

HP ZCentral Remote Boost Opening Session for Users with Expired Password

HP Recommended
Linux

Hello,

 

I am using HP ZCentral Remote Boost Version 20.1.2.8161 on RHEL 7.9.

 

When an LDAP user (free IPA) with an expired password authenticates (using their expired password) via the HP ZCentral Remote Boost Receiver their session is still created.

 

My original /etc/pam.d/rgsender configuration is as follows:
auth        required    pam_nologin.so

auth        include      system-auth

account  include      password-auth

session  required    pam_permit.so

 

I've tried to adjust PAM settings, but every configuration that I've tried has either resulted in all LDAP users being denied (even if their password is not expired) or users with expired passwords still being able to establish a session.

Tags (1)
4 REPLIES 4
KellyRGS
Level 7
Level 7
814 801 58 76
Message 2 of 5
Flag Post
HP Recommended

I am checking into your issue.  I have a RHEL 8.2 setup currently but also have a RHEL 7.9 HDD that I can put into my system.  We do have a userfilter.txt file that can be used to deny connections, but you cannot have Easy Login enabled.  Are you using Easy Login?  Are you saying that the Remote Boost connection is made, and the user is not being denied at the desktop login?  

 

Kelly

I am an HP employee.
Was this reply helpful? Yes No
Natolio
Author
New member
3 2 0 0
Message 3 of 5
Flag Post
HP Recommended

Hi Kelly,

 

That's not quite it, no.

 

The issue is that a user with expired credentials in freeIPA is still granted a session when connectibg to rgsender via rgreceiver. I believe the correct behavior is that the user with expired credentials should either fail to log in, or be prompted to change their password.

 

I'm happy to provide more information if you need it.

 

Thanks!

Was this reply helpful? Yes No
KellyRGS
Level 7
Level 7
814 801 58 76
Message 4 of 5
Flag Post
HP Recommended

Would love to get more info so I do the correct reproduction of your issues.  Let me get PM enabled for you so I can reach out for more details.

Kelly

I am an HP employee.
Was this reply helpful? Yes No
Natolio
Author
New member
3 2 0 0
Message 5 of 5
Flag Post
HP Recommended

Sounds good, thank you!

Was this reply helpful? Yes No
Warning Be alert for scammers posting fake support phone numbers and/or email addresses on the community. If you think you have received a fake HP Support message, please report it to us by clicking on "Flag Post".
† The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation