Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
2 votes, 1 answer

Managing /etc/security/access.conf with ansible

New to Ansible and have several machines which make use of the pam_access module which is configured in /etc/security/access.conf. Multiple lines specifying ALLOW/DENY (+/-) and then either users or groups along with src IP addresses to…
Server Fault
2 votes, 1 answer

Vsftpd/pam_userdb.so - auto-create virtual user home directories

Setup: Amazon Linux EC2 vsftpd PAM authentication with pam_userdb.so Usernames/passwords written to Berkeley user db from an external source (lsyncd). There are many 1000s of virtual users, to date I have manually pre-created home directories for…
DanielB6
2 votes, 2 answers

How to use PAM to manage lockout policy for ssh public key authentication methods

I have followed instructions on Red Hat on how to harden authentication on a Linux server, but we only use SSH with public key auth. According to these…
alexfvolk
2 votes, 1 answer

How to limit logon time access for groups

I have to limit logon time access for some users. I have googled and found it is possible with pam modules and time.conf. My question is: is it possible to do the same but with groups so, instead of dealing with users, just gather these users and…
Tihal
2 votes, 3 answers

Google-authenticator with openvpn - AUTH: Received control message: AUTH_FAILED

I'm trying to set up MFA with Google authenticator for my OpenVPN setup on Ubuntu 16.04. Now OpenVPN works fine until I bring Google Authenticator into the mix. My server.conf file reads as follows: port 1194 proto udp dev tun ca ca.crt cert…
2 votes, 1 answer

Google Authenticator PAM on SSH blocks root login without 2FA

Situation: I have activated Google Authenticator 2FA for SSH logins on Ubuntu 16.04 but made it optional in the /etc/pam.d/sshd: auth required pam_google_authenticator.so nullok I have set up the 2FA for accounts which can log in from the Internet…
Arno
2 votes, 1 answer

sshd pam_ldap: ldap_simple_bind Can't contact LDAP server

Seen lots of similar posts regarding my issue but none so far have really contributed to resolving the matter. I have a bunch of old RHEL 5.5 servers which I need to authenticate against an LDAP instance (OpenDJ). I can perform a manual ldapsearch…
djc72uk
2 votes, 0 answers

pam_afs_session: what does "PAG apparently lost" message in syslog mean?

We access our Debian Linux servers with ssh using GSSAPI. The servers run OpenSSH and take advantage of the pam-stack. In particular, they use pam_afs_session. Every once in a while I see the following messages in the system log: sshd[31799]:…
user35042
2 votes, 1 answer

Google Authenticator FreeRADIUS

I'm trying to implement google authenticator PAM module in FreeRADIUS on RHEL7. I've loosely followed this guide: http://www.supertechguy.com/help/security/freeradius-google-auth The reason I say loosely is things appear to have changed with the…
2 votes, 1 answer

What modifies PAM files upon rpm installation to add configuration changes?

This question is meant for general application, but I can use some specific examples to illustrate the nature of my question. When certain Linux authentication packages like krb5, sssd, or pam_pkcs11 are installed something goes into the files under…
SeligkeitIstInGott
2 votes, 0 answers

pam_tally2 does not tally failed logins for failed SSH login attempts

Goal: For mobile devices we wish to add an extra layer of security by requiring a PIN code upon ssh login. Mobile access is only a convenience service (users can always pull out their laptops) and accounts should be locked permanently after three…
Luc
2 votes, 1 answer

Writing a pam_python module: "KeyError: getspnam(): name not found"

I'm using a pam_python module to log usernames and passwords used in SSH attempts. In /etc/pam.d/sshd I added this line: auth requisite pam_python.so /lib64/security/pwreveal.py This is /lib64/security/pwreveal.py: import crypt, spwd,…
Exbi
2 votes, 1 answer

SSH Lockout after failed login attempts

I have an Ubuntu Server for my git repositories and other stuff. Sometimes someone is trying to hack it (I think it's ok for servers) and after a few failed login attempts SSH is locking out. I mean no one can do anything via SSH for 5 minutes or so. For…
Sergey Dudkin
2 votes, 2 answers

Pam LDAP request returns wrong credentials (49)

I am trying to set up pam authentication using ldap from Debian jessie to an SLES11 server without success. I always receive a wrong credentials return although it can successfully bind using ldapsearch. Following are the ldap log outputs for the…
Bowdzone
2 votes, 1 answer

CentOS 7 SSH and 2FA (ESET Secure Authentication)

I am stuck at getting two factor-authentication in CentOS 7 to work; specifically the authentication via SSH and OTP. I would very much appreciate it if someone could assist me with this. :) Edit: As I understand it from the log below, the pam…
pomf