Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
0 votes, 1 answer

problem of Configure linux password rules: password shouldn't be the reverse of previous password

I am configuring password rules on a Linux system (RedHat Enterprise Linux 5). By googling, I found that using pam_cracklib will make simple checks automatically. That is, pam_cracklib will automatically check if the new password is the reverse one of the…
zhaojing
0 votes, 3 answers

LDAP: why having the root password stored in ldap conf files?

I have working LDAP + SSH solution, but I would like to ask, why do I have to have the ldap root password stored in libnss_ldap.secret and pam_ldap.secret? It seems to be insecure, someone can hack one ldap client machine and has the password to whole…
John
0 votes, 1 answer

pam_auth_radius - RADIUS users vs unix users

I have recently set up a server with FreeRADIUS to authenticate and keep track of admin logins on some of my devices. I'm looking at getting my Linux and FreeBSD machines authenticating against RADIUS using the pam_auth_radius module. I am…
Cory J
0 votes, 1 answer

pam_filter usage prevent passwd from working

I have PAM+LDAP SSL running on Debian Lenny, it works well. I always want to restrict who's able to connect, in the past I used pam_groupdn for that but I recently got a situation where I had to accept 2 different groups. So I used pam_filter like…
Henry-Nicolas Tourneur
0 votes, 1 answer

Decoding PAM configuration files

Could someone point me to some (recent) documentation that would help me with decoding PAM configuration file lines like this: auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so…
Jamie
0 votes, 0 answers

avoid leaking info whether the user is denied access or typed the incorrect password

I am currently tinkering with the sshd_config and /etc/security/access.d for a large system with 10k+ users. There are so many different ways of restricting user access and it makes my head spin a bit trying to find "the best way". In short, we can…
0 votes, 1 answer

Refresh kerberos ticket instead of prompting for pam password

Using centralised auth against FreeIPA is working great. In order to use Kerberos SSO when using ssh, scp etc from jumphosts users must initiate their Kerberos tickets first with kinit. I've added this to bashrc for users so that they're prompted…
dmgeurts
0 votes, 0 answers

Using shadow password from LDAP while using SSSD for identity

I'd like to use SSSD ldap as a provider for shadow entries. It seems to be supported, given the default config with sssd installed adds sss to both passwd and shadow in nsswitch.conf, but I can't get the shadow entries. Testing getent passwd myuser…
viraptor
0 votes, 0 answers

Unable to login via SSH to a Linux machine with my LDAP credentials

I am trying to setup LDAP for users to login to Linux machines. I can change the users to any given users in the LDAP list of users using the su command. A new directory is created as well. So I'm thinking the issue is not with the…
mikey1996
0 votes, 0 answers

pam: reducing auth method timeout

I have set up user fingerprint auth on Fedora 37 laptops. With fingerprint auth as default auth choice, pam is waiting by default for 10 seconds for a valid fingerprint. Now, I would like to reduce the fingerprint timeout from 10s to 3s, as to fall…
THX
0 votes, 2 answers

OpenVPN + PAM + Freeradius

Situation: I have fully configured and working Freeradius server. Installed OVPN 2.6.4 on other server. And goal is auth through Radius. Installed pam-radius-auth. Configured (confs below). Authentication is working just fine, but there are no…
0 votes, 1 answer

Trouble with password rules in Linux-PAM

Ubuntu 20.04. I've installed pam_pwquality.so. Here's the contents of /opt/pam.d/common-password: password required pam_pwquality.so retry=1 minlen=10 ucredit=-1 lcredit=-1 dcredit=-1 ocredit=-1 difok=1 symbols="!#%^()&" password required …
fr0
0 votes, 0 answers

Redhat Linux 8.5: Upgrading to OpenSSH 9.2 sees '/bin/bash: Permission denied' with root login

After successfully make-installed OpenSSH from source followed detailed instructions from a post of online community (version checked ok), only to see /bin/bash: Permission denied at root login. pam_unix(sshd:session): session closed for user root…
0 votes, 0 answers

Caching sessions with pam_timestamp on ubuntu

I am trying to use PAM and the pam_timestamp module to reduce the number of passwords I need to enter. Test program via https://learning.oreilly.com/library/view/linux-security-cookbook/0596003919/ch04s01.html#linuxsckbk-CHP-4-SECT-1.2: #include…
Neal Fultz
0 votes, 0 answers

How to setup pam on debian 11

I have installed debian 11 and pam-ldapd. Now, I want to setup authenticating for openvpn with pam. When I wanted to test it with 'getent passwd' command, I got only local users response. Can you help me please, how to setup it? My nsswitch is…
Dave