Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
2
votes
0 answers

Set pam_unix password without knowing current password, having authenticated with pam_winbind

Right, so I have winbind authentication set up for login. However, I think there may still be some situations in which it would be useful for the user to be able to set their unix password (in the traditional /etc/passwd and /etc/shadow files). …
Paul Gideon Dann
  • 181
  • 2
  • 6
2
votes
1 answer

Lag between PAM password acceptance and session open on CentOS5

I have a very interesting situation. I have a server running CentOS5.5, and whenever I try to ssh in using any external interface, there is a 4+ second delay, consistently. There is no such delay whenever I use the internal interfaces. For example,…
jyaworski
  • 33
  • 8
2
votes
1 answer

configuring pam with flat files backend

I would like to configure pam module to use flat files for authentication. Basically I need same thing like pam_unix just with possibility to use different files (other than /etc/passwd and /etc/shadow). Is there existing pam module that provides…
Marko
  • 371
  • 5
  • 18
2
votes
0 answers

pam_mysql / vsftpd error 'AUTHENTICATION FALURE (FIRST_PASS)'

I setup vsftpd and mysql auth via pam on Debian Squeeze. Config: auth required pam_mysql.so user=server passwd=x host=localhost db=server table=ftp usercolumn=username passwdcolumn=password crypt=2 sqllog=1 logtable=ftp_logs logmsgcolumn=msg…
Daniel W.
  • 1,609
  • 4
  • 26
  • 48
2
votes
1 answer

edit crontab for apache

I am transfering crontabs from an old server (centos 5.5) to a a new (centos 6.0) and there is a problem with (the most important) user apache. On the new server I am getting the following: root@newserver $ crontab -u apache -e Authentication…
clime
  • 427
  • 1
  • 7
  • 15
2
votes
1 answer

Authenticate Git virtual users via PAM

Can Git authenticate virtual users via PAM? In particular, would Git require some additional utility, such as gitolite or gitosis?
davide
  • 162
  • 8
2
votes
4 answers

pam_tally2 or pam_faillock account lockout with ssh

I'm running RHEL 6.2. Most users will be using SSH to login using passwords. Some might have keys. All accounts are local. I need to lock users out after N failed password logins. The examples in man pam_tally2 and pam_faillock do not lock a user…
user150471
  • 121
  • 1
  • 1
  • 3
2
votes
1 answer

Customize PAM messages

I would like to customize my password expiration warnings. I figured PAM reads them from somewhere, but can't find from where. The question is relevant for both Ubuntu/Debian and Fedora/RHEL/CentOS. Where does PAM read Warning: your password will…
grs
  • 2,235
  • 6
  • 28
  • 36
2
votes
1 answer

How do I disable password complexity in pam

I found tons of articles how to enable password complexity, can someone guide me to how to disable it? (oracle linux) This is my system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is…
Petr
  • 324
  • 2
  • 4
  • 10
2
votes
4 answers

PAM module causes flurry of SSH sessions

While tailing /var/log/auth.log I noticed that there where multiple entries being entered (instantly) by the minute for user "foo". I personally had only one connection open as user "root_bar" while tailing the auth.log (log sample below). As you…
amateur barista
  • 498
  • 3
  • 7
  • 21
2
votes
2 answers

pam_cracklib on Linux: how to disable credits

The pam_cracklib 'minlen' does not work as I want it to. PAM allows passwords even with lesser length than it is set to with the 'minlen' option. It gives credits (by default 1) to the 'upper-case', 'lower-case', 'digit' and…
Nilesh
  • 21
  • 2
2
votes
1 answer

LdapErr: DSID-0C0903AA, data 52e: authenticating against AD '08 with pam_ldap

I have full admin access to the AD '08 server I'm trying to authenticate towards. The error code means invalid credentials, but I wish this was as simple as me typing in the wrong password. First of all, I have a working Apache mod_ldap…
Stefan Midjich
  • 177
  • 1
  • 3
  • 12
2
votes
2 answers

pam_unix(su:session): session opened for user

Jun 26 15:58:52 hostme su: pam_unix(su:session): session opened for user {USER} by root(uid=0) Jun 26 15:59:02 hostme su: pam_unix(su:session): session opened for user {USER} by root(uid=0) Jun 26 15:59:37 hostme su: pam_unix(su:session): session…
Tiffany Walker
  • 6,681
  • 14
  • 56
  • 82
2
votes
1 answer

Console user locked out - pam problems?

I am trying to enable AD authentication for Debian stable servers to enable users to logon via ssh authenticating against Windows AD. It all works fine and I can ssh to the server using my Windows credentials but I have noticed this message on…
Sergei
  • 1,226
  • 16
  • 25
2
votes
1 answer

Account lockout using Openldap

What is the best way to implement account lockout in openldap? I have an openldap server with Ubuntu desktop client connecting to it for authentication. I want he accounts to locked out after say 5 failed authentication attempts I have enabled…
nitins
  • 2,579
  • 15
  • 44
  • 68
1 2 3
50 51