Highest Voted 'pam' Questions - Server Fault Stack Exchange

3

votes

1 answer

pam_cracklib reports bad password correctly but pam_unix module STILL changes the password

I am currently trying to use pam_cracklib which properly fails according to my debug.log but even though it is setup as a password requisite entry in my PAM config file, it still falls through to the next pam_unix module which allows for a password…

pam cracklib

asked Jan 23 '14 at 19:41

jiveturkey

153
1
9

3

votes

3 answers

How to handle centralized user authentication without LDAP?

I'm attempting to create a centralized database for my users for my server and web accesses, so that I can allow those users to log in through ssh if they have access, and through my web services to view their account and system information. I've…

ldap user-management pam nss

asked Nov 14 '13 at 13:32

josh

257
2
12

3

votes

1 answer

PAM Winbind Expired Password

We've got Winbind/Kerberos setup on RHEL for AD authentication. Working fine however I noticed that when a password has expired, we get a warning but shell access is still granted. What's the proper way of handling this? Can we tell PAM to close…

ssh pam winbind

asked Nov 07 '13 at 16:55

kernelpanic

1,276
1
10
30

3

votes

4 answers

How to access Unix passwd file from Apache when using .htaccess?

Is it possible to use the system passwd file for accessing a protected web page with Apache on Linux? Setting up multiple password files for shell access, Apache and Samba is a pain. If there is a mod for that, it would be handy to know.

linux apache-2.2 password pam

asked Aug 14 '09 at 00:21

casualcoder

380
1
4
13

3

votes

1 answer

What does this plugable authentication module (PAM) "code" mean?

I am reading a configuration file for Linux PAM and am wondering what it means: auth [success=2 default=ignore] pam_krb5.so minimum_uid=1000 I understand that "auth" means this rule is applied to authentication. I also get that…

linux pam

asked May 15 '13 at 19:45

Dylan Klomparens

634
2
9
22

3

votes

1 answer

getent and ldapsearch results are inconsistent concerning the loginShell

I have a test that creates a user in LDAP with /bin/bash and I then modify the ldap attributes to /bin/noshell but the results from getent and ldapsearch are inconsistent for the shell. This user does not exists in /etc/passwd. When I do a ‘getent…

ldap pam nss pam-ldap

asked Mar 08 '13 at 23:15

usa ims

361
1
7
14

3

votes

1 answer

sudo failing even though ownership and modes set correctly

I am getting the dreaded sudo: must be setuid root error even though the executable in /usr/bin/sudo has ownership root:root and mode 4755 (-rwsr-xr-x). /etc/sudoers is mode 440. My user is in sudoers with all appropriate settings. I've purged and…

ldap sudo pam

asked Jan 18 '13 at 15:21

David G

338
3
8

3

votes

1 answer

Can I use DenyHosts for a SMTP service

I would like to block some hosts that are brute forcing my SMTP server. I'm currently using DenyHosts for SSHD and was wondering if I can add the SMTP service too. It could be possible based on this…

pam saslauthd denyhosts smtpd

asked Jan 04 '13 at 13:54

Derick Schoonbee

131
1
2

3

votes

2 answers

Ubuntu 12.04 updates broke VSFTP

I am running Ubuntu 12.04 LTS. I did some minor updates using apt. After rebooting vsftp stopped accepting connections system user logins. In the auth log I am getting the following errors Dec 22 22:03:13 helium vsftpd: PAM unable to…

ubuntu pam ftp

asked Dec 22 '12 at 11:53

John Croucher

31
3

3

votes

4 answers

How to grant su access without password to one user only in wheel group (FreeBSD)?

I know how to enable su without a password for all wheel group users by adding the appropriate configuration line in /etc/pam.d/su. I do not want to enable this for all wheel users but only one particular user. I am using FreeBSD 8.1. How do I do…

security freebsd pam pfsense su

asked Dec 19 '12 at 21:29

David G

338
3
8

3

votes

4 answers

pam_ldap.so before pam_unix.so? Is it ever possible?

we have a couple of servers with PAM+LDAP. The configuration is standard (see http://arthurdejong.org/nss-pam-ldapd/setup or http://wiki.debian.org/LDAP/PAM). For example, /etc/pam.d/common-auth contains: auth sufficient pam_unix.so…

unix ldap pam

asked Dec 03 '12 at 17:00

Andrey Sapegin

1,201
2
12
27

3

votes

1 answer

Can I use both the RSA 2-Factor PAM and an Active Directory PAM at the same time?

Let's use the product formerly known as Likewise as an example. I can very easily install this on a Linux machine and join it to an Active Directory domain. I can also use an RSA PAM module so that users are forced to authenticate with a 2-factor…

linux pam

asked Nov 02 '12 at 20:30

Ryan Ries

55,481
10
142
199

3

votes

1 answer

Locking user account on RHEL using PAM LDAP

I have a bit of an edge case here. My institution has a RHEL server where students can log in and do their work. Accounts are held in LDAP and the server uses PAM and LDAP to authenticate. At the end of the academic year I need to lock the student…

ldap pam rhel6

asked Oct 23 '12 at 11:46

Austin

89
1
2
6

3

votes

1 answer

Immediate logout after login with PAM, Kerberos, and LDAP

I've set up remote login on a computer using Kerberos and LDAP. I've also configured NFS to mount onto /home so that the user's home directory is the same wherever they login. Kerberos authentication seems to work fine. I can get a ticket using…

ldap login kerberos pam

asked Oct 09 '12 at 15:12

Dylan Klomparens

634
2
9
22

3

votes

3 answers

Why isn't my cronjob running?

I have a cronjob in /etc/cron.d/mycron that looks like this: 0 3 * * * apache php /path/to/my/script.php In the same file there are other cronjobs begin run as root and other users (which work), but for some reason this job running as…

linux centos cron pam selinux

asked Aug 15 '12 at 16:15

Tom

731
3
11
24

Questions tagged [pam]