Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.
Questions tagged [pam]
752 questions
10 votes, 1 answer
Prevent fork bomb inside docker container
I am currently struggling with limiting the number of processes for a user which I called sandbox.
I configured the process limit inside /etc/security/limits.conf like this:
sandbox hard nproc 100
But if I want to connect to…

eXPi
10 votes, 1 answer
What is nsswitch compat mode?
Red Hat recommended me compat mode in /etc/nsswitch.conf as one of the options to enumerate LDAP users, but later said that it's not a much-used method.
nsswitch.conf
passwd: files compat
passwd_compat: ldap
in passwd file, add +@netgroup.
What is…

ujjain
10 votes, 3 answers
vsftpd will not accept passwords encrypted with MD5
I am setting up a server with vsftpd to let virtual users access their space. Now it is fully working but only with CRYPT passwords. So
sudo htpasswd -c /etc/vsftpd/ftpd.passwd phpmyadmin
will not allow me to log in, but
sudo htpasswd -c -d…

Marco
10 votes, 1 answer
Adding local users / passwords on Kerberized Linux box
Right now if I try to add a non-system user not in the university's Kerberos realm I am prompted for a Kerberos password anyway. Obviously there is no password to be entered, so I just press enter and see:
passwd: Authentication token manipulation…

Brian
10 votes, 3 answers
How to deny access to disabled AD accounts via kerberos in pam_krb5?
I have a working AD/Linux/LDAP/KRB5 directory and authentication setup, with one small problem. When an account is disabled, SSH publickey authentication still allows user login.
It's clear that kerberos clients can identify a disabled account, as…

PhilR
10 votes, 3 answers
ldap force user to change password
I am using CentOS-ds (based off Redhat-DS and 389 directory servers).
I have LDAP set up, and working to authenticate users (and Sudo, that's a handy feature!). Even passwd is working great to change passwords stored in LDAP. However, I have one…

Brian
9 votes, 2 answers
Reload /etc/security/limits.conf
I would like to:
make a soft 64GB limit for resident memory (so inexperienced users will get their run-amok processes killed, but experienced users can raise the limit for memory hungry processes)
raise the hard limit for nofile, but keep the soft…

Ole Tange
8 votes, 4 answers
Conflicts with PAM configuration files when upgrading system
I have a VPS that runs Ubuntu 14.04.4 LTS; it was installed as a whole with Plesk by OVH. I just did an apt-get upgrade, and at some point I had a message regarding PAM. The system is in French, but basically it says:
At least one file of…

piwi
8 votes, 3 answers
How can I delay sshd login after bad password
How can I delay the retry response from SSH when a bad password is tried or on an unsuccessful login attempt? I wanted the delay to be 2-3 seconds more than usual.
I could not find any option in sshd_config file to achieve the same.
So can anyone let me…

Milan
8 votes, 3 answers
Expired "authentication token" for user with deleted password
The Setup:
1) The user's password was deleted with "passwd -d " command
2) The user has cron jobs running
The Problem:
Once every 30 days (default password expiration policy) the cron fails with an error
Authentication token is no longer valid; new…

Aleksey Sanin
8 votes, 3 answers
PAM: Execute a command before pam_mkhomedir?
When a user logs into a system and there is no home directory, we would like to create the user's home directory using pam_mkhomedir. This is a common practice. Here's a quick description of pam_mkhomedir:
The pam_mkhomedir PAM module will…

Stefan Lasiewski
8 votes, 3 answers
How to automatically create user accounts ( SSH + LDAP )
I set up a remote LDAP server (Server1) and SSH with pam_ldap on Server2. Everything is working OK, I can log in to SSH with LDAP credentials. But when I want to add a new user, I have to first create it in the LDAP databases and then run adduser on…

John
8 votes, 3 answers
Suggest methods for testing changes to "pam.d/common-*" files
How do I test the changes to the pam.d configuration files:
Do I need to restart the PAM service to test the changes?
Should I go through every service listed in the /etc/pam.d/ directory?
I'm about to make changes to the pam.d/common-* files…

Jamie
7 votes, 1 answer
Is it possible to use Kerberos over TLS through sssd?
Background
I am trying to log in (via SSH, to an Amazon Linux EC2 instance running sssd) as users that I've created in my AWS Directory Services Simple AD. I am authenticating with Kerberos and identifying the user with LDAP (all through sssd.) I…

2rs2ts
7 votes, 1 answer
Is it possible to ignore a missing PAM module?
I am configuring yubico-pam to enable passwordless sudo access using challenge-response from a Yubikey. The following works:
# /etc/pam.d/sudo
auth sufficient pam_yubico.so mode=challenge-response
auth required …

CodeGnome