Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
4 votes, 2 answers

Linux with AD user accounts - what about root?

Once upon a time I set about getting a Linux server to use our Active Directory for logins, and I got it so that I could log in as myself and then work on the server, and SU to root to make system changes using the server's local root…
TessellatingHeckler

4 votes, 3 answers

Is it possible to use custom script for authentication with PAM?

I want to enable users to use my Rails application's credentials to log in to an SFTP account. If I understand correctly I should somehow use PAM for this. But I didn't find any info on how to do this?
retro

4 votes, 1 answer

Multiple sshd instances using different PAM configurations

I set up multiple OpenSSH daemons on different ports and would like to have them use different PAM configuration profiles. Is that possible? As far as I understand, PAM determines the configuration file name from within the daemon binary - so I'd…
Daniel Baulig

4 votes, 1 answer

What is the easiest way to set up composable POSIX groups for SSH & Samba authentication?

Background: I'm putting together what I would consider to be a fairly ordinary chunk of infrastructure, but have been running into so many problems that I can't help but wonder if there's an easier way. I need to be able to do the…
Brian Bauman

3 votes, 0 answers

Must `kinit` user's ticket manually before PAM can mount SMB home directory at login

Ubuntu 14.04 file server; Ubuntu 14 Active Directory (AD) server running Samba 4; Ubuntu 18 client (fresh install). I've configured for Ubuntu user home directories to be mounted via PAM and SMB/CIFS. The test directory will mount via CIFS manually,…
BurningKrome

3 votes, 1 answer

Allow user to sudo as any user in group

I'm running a service where I have users that are running services from their home directories. They are all in the group serviceusers, and I have a user that will perform automated tasks initiated from a website on the service users' files. Let's…

3 votes, 2 answers

SSSD LDAP authentication using two different LDAP servers

I am trying to set up LDAP authentication using SSSD on CentOS 7. Is it possible to set up SSSD in a way that it uses two LDAP servers: one LDAP server is used just for authentication (basically just to authenticate with the password) and other…
Mr. White

3 votes, 2 answers

Unable to log in with SSH after configuring LDAP authentication

I have a CoreOS server which I connected to my LDAP server. I get a correct answer after using the id and ldapsearch commands. However, I am still not able to log in with SSH. I can see in the sssd_LDAP.log file that the server has received the request to…
Omri

3 votes, 1 answer

Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)

What I did: Installed libpam-ldapd. Set up /etc/ldap/ldap.conf. Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP). Set up /etc/nsswitch.conf: passwd, sudo and shadow now…
Amadan

3 votes, 1 answer

Should SSSD perform AD access validation for matching local users?

I have been spending many, many happy hours exploring the sssd configuration needed to integrate RHEL7 and Active Directory. A large portion of those have included looking through the many posts here on SSSD and AD integration, particularly to do…
gScott

3 votes, 1 answer

SUDO Keeps prompting for password, when using SSSD with AD

Hi, I am trying to set up SSSD to authenticate to AD on RHEL. I am able to log in with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for my password (Sorry, please try again). Any ideas…
CodyK

3 votes, 2 answers

How to only allow users and/or groups access certain client machines that are connected to an openldap server?

I would really like to figure out how I can allow users and/or groups access to certain client machines that are all connected to an OpenLDAP server. I would like to do this whether the user is sitting right in front of the client machine itself or…
Alex Lowe

3 votes, 1 answer

what does "-session ..." mean in /etc/pam.d/system-session?

In Red Hat 7 I see `-session optional pam_systemd.so` in /etc/pam.d/system-session. I also see that the `-` prefix is mentioned in LFS docs: http://www.linuxfromscratch.org/blfs/view/7.6-systemd/general/systemd.html Please help me understand what…
cstamas

3 votes, 0 answers

X11rdp/xrdp with aad-login -> pam authentication fails (xrdp_mm_process_login_response: login failed)

We are implementing a solution that allows users to login via aad-login (Azure Active Directory login) following this guide: https://github.com/bureado/aad-login Everything works fine - I can login via SSH to the Ubuntu machine (14.04 LTS) with AAD…
Christoph

3 votes, 0 answers

Monitoring failed ssh logins with pam and bash?

I modified /etc/pam.d/common-auth to run a bash script when a login fails or when a login is successful and it works for successful logins but not failed login attempts when trying to ssh. Once I am already on the server and try to use sudo both…
Matkey