Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
2 votes, 2 answers

PAM dynamic LDAP Authorization with groups

At the moment my PAM is integrated through LDAP with a custom authentication stack in the /etc/pam.d/systhem-auth: auth required pam_env.so auth required pam_faildelay.so delay=2000000 auth sufficient pam_unix.so…
LucaP
2 votes, 2 answers

How to create conditional behaviour with pam_exec and PAM_TYPE?

I want to implement conditions for PAM_TYPE open_session and close_session. With this I can trigger different actions at different times for login and logout. I have a script which tests for the variable PAM_TYPE and gives appropriate exit codes:…
h___m
2 votes, 1 answer

PAM: multiple pam_pwquality require to repeat same password multiple times

In a RHEL7 server, I have to implement two password policies that can be described as parameters of PAM pam_pwquality module: password requisite pam_pwquality.so try_first_pass local_users_only minlen=14 password requisite …
NoNoNo
2 votes, 0 answers

Local groups mapped to AD users via groups.conf working - but only with ssh login

I'm running a Samba Active Directory domain with Ubuntu 18.04 clients. I used the /etc/security/group.conf file to successfully create a mapping for domain users to the "dialout" group. I tested it on a number of machines, and it worked fine...…
BurningKrome
2 votes, 1 answer

Passwd via PAM only work for LDAP

Now I've got a working setup using PAM+LDAP over SSL but I can only passwd users in the LDAP tree, any idea about how to be able to passwd every user? Here are some conf files: /etc/pam.d/common-password : password optional pam_unix.so…
Henry-Nicolas Tourneur
2 votes, 1 answer

Dovecot don't use pam session to create home on mail delivery

I have a mail server with Postfix and Dovecot, my users are mainly stored in an LDAP database and I would like dovecot/postfix to auto create the user home directory (via pam) when needed. It's working well when a user tries to log (via imap) on his…
Olivier
2 votes, 0 answers

user pam.d configuration files to prevent updates overwriting them

My server is running and I have modified /etc/pam.d/common-password. When certain programs are installed or there are system updates, it needs to update that file so it asks me if I want the file to be overwritten or not. One or more of the…
IMTheNachoMan
2 votes, 0 answers

User Resource management: cgroups + systemd + ssh

I am trying to limit the memory of a single user that keeps crashing our OpenSuse Server. What I have done is as described here, to modify the limit of the user's slice via systemctl set-property user-$UID.slice MemoryHigh=20G where $UID is the user…
2 votes, 1 answer

SELinux: pam_systemd(sudo:session): Failed to connect to system bus: Permission denied

On one of CentOS 7 servers I cannot perform sudo from nrpe user (Nagios daemon remote monitoring). Error message: Dec 31 08:28:10 ip-172-31-36-176 sudo: pam_unix(sudo:session): session opened for user root by (uid=0) Dec 31 08:28:10 ip-172-31-36-176…
2 votes, 1 answer

AWS Amazon AMI - Restrict SFTP/SSH access

I have an AWS Amazon Linux EC2 instance running with sftp/ftp server (vsftp). For security purposes I want to protect the system with the best practise solution for AWS instances. My goal is to allow one group with some users for ssh access (incl.…
Nintox
2 votes, 2 answers

how to require publickey and otp, or password and otp when logging in with ssh?

I'm trying to get ssh to work in a way where password auth can be skipped with a key, and in addition every login would be followed up with totp using google's libpam on my new Debian 9 installation. So far I've been able to get the first part…
Noino
2 votes, 1 answer

FTP PAM Setup for VSFTPD

OK. I know this is one of the most asked questions here. But most answers are either telling me to add nologin to allowed shells (nope... not doing that) or disabling SELinux (which I don't have - Ubuntu Server 16.04 RPi3). Another option I saw was…
echo_salik
2 votes, 3 answers

pam_mount home directories over cifs, sssd and Bionic Beaver

I've configured a Ubuntu Bionic Beaver client to authenticate against a Samba ADS (Zentyal), using sssd. This guide was more or less all it took to get there. EDIT: see my answer to get a quote of the meaning of that "more or less". EDIT2: mentioned…
Lucio Crusca
2 votes, 1 answer

Cannot login with account on RHEL 7.5 server with DISA STIG Profile enabled

This has happened several times now, and I am getting frustrated. I don't know how it happens, but sometimes a user account gets locked out. I change their passwd, either through passwd or chpasswd. I am confident the password is set correctly, and…
Cliff
2 votes, 1 answer

pam_winbind: unknown option require_membership_of

I'm trying to configure the VSFTPD with Winbind to restrict users authenticated by Active Directory, only to those that belong to specific group. I'm using a generic conf file for the vsftpd, with few changes: $ cat…