[PAMSC] rsh login account recognized as root via sewhoami
search cancel

[PAMSC] rsh login account recognized as root via sewhoami

book

Article ID: 259845

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

PAMSC : 14.1
OS : Redhat 7.9

 

Domain Users (DOMAIN\user1) are using RSH to access Redhat Linux Servers.

Although "id" and "whoami" command returns the Domain user identity, "sewhoami" is returning "root".

 

Environment

Release : 14.1

OS : Redhat 7.9

Cause

PAMSC was not capturing the login correctly due to the "Login flags" configuration was set to "none".

 

Data for LOGINAPPL 'RSH'
 -----------------------------------------------------------
Defaccess         : X
Audit mode        : Failure
Comment           : Predefined rule for Login application.
Login flags       : None
Login method      : Normal
Login path        : /usr/sbin/in.rshd
Login sequence    : SGID, SUID

 

Data for LOGINAPPL 'RLOGIN'
 -----------------------------------------------------------
Defaccess         : X
Audit mode        : Failure
Comment           : Predefined rule for Login application.
Login flags       : None
Login method      : Normal
Login path        : /usr/sbin/in.rlogind
Login sequence    : SGRP, SUID

Resolution

Changed "Login flags" from "none" to "PAM login" and correctly detects the user identity.

 

Powered by Wolken Software