Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.
Questions tagged [pam]
752 questions
0
votes
2 answers
OTP before password with pam_radius and NPS
I have successfully configured pam_radius on an Ubuntu client so that users are asked for an OTP. The radius server is an NPS with Azure MFA extension. The OTP is checked against Azure.
It works well, but I'd rather not send the user credentials to…

francisaugusto
0
votes
0 answers
What is the downside of not including `:pam` on the keyboard-interactive AuthenticationMethod
I am using PAM for password and 2FA (with @include common auth and auth required pam_google_authenticator.so).
When configuring my AuthenticationMethods, is there any reason to not use :pam with keyboard-interactive? What am I losing (or gaining),…

angryserver
0
votes
0 answers
Why is AuthenticationMethods in sshd_config needed if UsePAM is yes?
My server requires a user password and 2FA code when SSHing in. I have enabled this in /etc/pam.d/sshd by including @include common-auth (for the password) and auth required pam_google_authenticator.so (for the 2FA). My /etc/ssh/sshd_config file has…

angryserver
0
votes
1 answer
Use pam_exec to run a script on an ssh login event
I'm trying out linuxserver.io openssh-server. It's a lightweight openssh image and makes it easy to configure with public key and user name.
If I run it, ssh with public key auth works as expected:
$ docker run --rm -d --name ac1 -e PUBLIC_KEY -e…

doughgle
0
votes
1 answer
Remote ssh login does not respect pam umask
My server is on Ubuntu 22.04.1, and recently I discovered that the result of the umask command is 0002 instead of 0022 in an SSH session (non-root), which is odd because I have not messed with any related settings. I have checked and to the best of…

tearfur
0
votes
0 answers
pam-auth-update update of /etc/pam.d/common-auth doesn't work
I'm trying to match a FreeIPA user to a local group via FreeIPA group membership. When testing the manual edit of common-auth it works. But I'm trying to generate the file with pam-auth-update so that it won't break after an upgrade of something at…

dmgeurts
0
votes
1 answer
pam radius bypass same local user (exception user)
Pam Radius login works with the following configuration.
However, it would be necessary for some users to perform local authentication. How can I solve this?
[xxxxxxxxxxx ~]# cat /etc/pam.d/sshd
#%PAM-1.0
auth [success=done default=bad…

dilen7
0
votes
0 answers
Ubuntu 21.10 ulimit (open file descriptors) not applying correctly
The situation is strange because I have 2 identical servers with the same application but
on one server I get a ulimit error from the custom application ulimit error: too many open files but on the other it is working as expected.
I really ensured…

Arturski
0
votes
1 answer
Can PAM be used with Postfix and Dovecot SASL?
I have set up Postfix to use Dovecot SASL with PAM and Unix users, and Dovecot LDA (LMTP) for local mailbox storage. After some testing, turns out incoming mail gets declined with the reason:
Error: passdb lookup failed for [user]: Configured…

Marty Cagas
0
votes
1 answer
Errors mounting Windows share (cifs) with pam_mount
I have an Ubuntu 21.10 PC joined to a Samba AD domain controller. Everything is working absolutely fine - Kerberos is working (can get tickets with kinit), winbind is working (can get info about users and groups), I am able to log in to the system…

ZDV
0
votes
0 answers
SSSD alternative for pam_authz_search option in nslcd
I have servers based on RHEL 7 and 8.
RHEL 7 servers use nslcd to work with an LDAP server, RHEL 8 use SSSD.
For RHEL 7 I can provide access for users to allowed hosts only.
This function is covered by the option in the nslcd.conf:
pam_authz_search…

Aleksandr Makhov
0
votes
1 answer
Problems sudoing using a host connected to Active Directory (sssd, kerberos local sudoers file)
I am configuring Active Directory authentication for an Alma 8 box using SSSD, Kerberos, and initial SSH key for log in stored in an Active Directory object, and a local sudoers file that lists groups permitted to sudo.
I have connected the server…

motorleague
0
votes
1 answer
PAM permit works only when dummy suffix is added
I am trying to use PAM to authenticate OpenVPN against 2FA (not important info). Here is my PAM configuration:
account required pam_permit.so
auth required pam_google_authenticator.so secret=/etc/openvpn/google-authenticator/${USER}…

Mohammed Noureldin
0
votes
1 answer
Apple client unable to login with LDAP backend and GSSAPI or PLAIN
I have an OpenLDAP server with Kerberos5 for authentication and on Linux/Unix/Windows environments I am able to login without a problem.
The LDAP server is configured to use GSSAPI or PLAIN that passes through SASL2 the password to PAM that…

Sami Hulkko
0
votes
0 answers
Account locking without bad password pamd ssh
Here is my password-auth file:
auth required pam_faillock.so preauth silent deny=5 unlock_time=900
auth required pam_faillock.so authfail deny=5 unlock_time=900
auth include password-auth-ac
account …

Brandon Kauffman