Pluggable Authentication Modules (PAM): a flexible framework for configuring authentication, most commonly used by the login component of Linux systems, but also used in other components and operating systems.
Questions tagged [pam]
752 questions

7 votes, 5 answers
PBIS Open AD authentication stops working on ubuntu with errors: "user accout has expired" and "is your account locked?"
We have been using PowerBroker Identity Services Open to authenticate active directory users from ubuntu hosts successfully for six months.
Recently AD authentication stopped working on several workstations after users performed an apt-get upgrade…

Peter M

7 votes, 1 answer
Combination of SSH key auth, and two-factor authentication
I was wondering if it is possible to accomplish the following, all at the same time:
Disable root logins
Enable SSH login for personal user, only via SSH keys
Enable SSH login for unprivileged user, with password authentication and two-factor…

Brandon

7 votes, 2 answers
Account Lockout with pam_tally2 in RHEL6
I am using pam_tally2 to lock out accounts after 3 failed logins per policy; however, the connecting user does not receive the error indicating pam_tally2's action. (Via SSH.)
I expect to see on the 4th attempt:
Account locked due to 3 failed…

Aaron Copley

7 votes, 3 answers
How to use PAM to limit failed login attempts by IP?
I'm working through a process of hardening my server security against the daily hacking attempts that arise the moment you attach a server to an IP and give it a domain name. I get anywhere from 1 to 8 brute force attempts daily to access SSH as…

Philip Couling

7 votes, 2 answers
How to use nginx PAM module?
I would like to use the nginx PAM module to authenticate a site with existing users on a FreeBSD system. I tried to use pam_unix.so, but no luck. It just won't let me in with my usr/psw pair. :(
nginx conf:
location / {
root html;
…

noirello

7 votes, 5 answers
limits.conf not being applied.
I have the following lines in /etc/security/limits.conf
* soft nofile 32768
* hard nofile 65536
root soft nofile 32768
root hard nofile 65536
The…

diolemo

7 votes, 2 answers
debian: cannot change password
As the root user, I can change the password:
hussie:/home/claudiu# passwd
Enter new password:
Retype new password:
passwd: password updated successfully
As a non-root user I cannot:
claudiu@hussie:~$ passwd
Current Kerberos password:
passwd: User…

Claudiu

7 votes, 2 answers
How to set up two-factor authentication with OTP on FreeBSD?
I have a FreeBSD server that I like to be able to get to from anywhere. Normally I use SSH publickey to log in, or if I don't have my SSH private key available then I might use regular password over SSH. However, when logging in from an untrusted…

Greg Hewgill

6 votes, 1 answer
SSH choice of second factor on login
Is it possible to have multiple 2FA pam's setup and give the user the choice of which to use on login?
I have google-authenticator setup. I have successfully used my yubiko key as a second factor. I would like to have the choice of which to use on…

DasPete

6 votes, 1 answer
OpenVPN 2.4 + Google Authenticator = authentication failure
We have a corporate VPN server running OpenVPN 2.3 on an AWS instance with Ubuntu 16.04 Xenial. The server has been configured using an Ansible playbook.
I'm planning to upgrade to Ubuntu 18.04 Bionic, which also upgrades OpenVPN to version 2.4…

Vlad Nikiforov

6 votes, 11 answers
Restrict root ssh from all but one IP/hostname
I'm wanting to restrict root ssh login coming from all but a single IP address.
I was under the impression that I just had to add this to /etc/pam.d/sshd:
account required pam_access.so
and this to /etc/security/access.conf:
-:root:ALL EXCEPT…

Chad P

6 votes, 1 answer
How to set-up google-authenticator and set specific match rules to allow different login rules?
I'm trying to set Google-Authenticator (google 2 factor authentication).
The relevant files are:
[root@srv01 ~]# cat /etc/pam.d/sshd
#%PAM-1.0
auth required pam_google_authenticator.so
auth required pam_sepermit.so
auth include …

Itai Ganot

6 votes, 3 answers
OpenSSH use (public key or password) + google authenticator
I want to allow these two authentication types:
public key + google authenticator OR password + google authenticator.
I have the following in my sshd_config:
AuthenticationMethods publickey,keyboard-interactive:pam…

Timothy

6 votes, 2 answers
Unable to login via PAM and ldap: failed to get password
I'm trying to have OpenVPN authenticate users via PAM over LDAP to an Active Directory server.
Here are the relevant parts of my configuration files:
/etc/openvpn/server.conf:
# ...
plugin /usr/lib64/openvpn/plugins/openvpn-plugin-auth-pam.so…

Naftuli Kay

6 votes, 3 answers
OpenSSH two factor authentication combined with Kerberos / public key
I'm trying to implement two-factor authentication for OpenSSH. The environment is Centos 7 (kernel: 3.10.0-229.1.2.el7.x86_64) with OpenSSH_6.6.1p1, OpenSSL 1.0.1e-fips 11 Feb 2013. We have Active Directory (LDAP) + Kerberos deployed. The…

dgyuri92