Questions tagged [pam]

Pluggable Authentication Modules (PAM), a flexible framework for configuring authentication, most commonly used for the login component of Linux systems, but also used by other components and operating systems.

752 questions
6
votes
2 answers

Logins take a long time

After upgrading to Debian 7.4, password authentication from any service takes a long time. This is true for SSH logins, sudo'ing and authentication with dovecot (which is configured to use PAM). I am able to reverse lookup DNS entries, this does not…
Christoph Eicke
6
votes
1 answer

Understanding PAM authentication procedure on FreeBSD with security/sssd

I'm trying to understand what's behaving errantly on my PAM configuration on FreeBSD 10.0. The machine is configured with two different authentication realms, one is the default Unix authentication and the other one is using the System Security…
Vinícius Ferrão
6
votes
1 answer

Different "RequiredAuthentications2" for sshd and sftp subsystem

We're currently using a 2factor authentication on our SSH servers, so we have "RequiredAuthentications2 publickey,keyboard-interactive" in our sshd_config (publickey for the key, keyboard-interactive is for the 2factor which is handled via PAM). To…
derfloh
6
votes
2 answers

OpenSSH and PAM authentication using a public key

I'm looking for a way to authenticate users using a public key which is stored in a db (MongoDB). Similar questions usually resulted with a suggestion to install a patched version of OpenSSH (https://github.com/wuputahllc/openssh-for-git) which…
Gilad Novik
6
votes
4 answers

FreeIPA: prevent local root accessing user accounts

So after asking this question, I've been test-driving FreeIPA as a central authentication source based on this question: Managing access to multiple linux system. One problem I ran into is that if a user is given local root permissions, they can in…
Swartz
6
votes
2 answers

Virtual users in sshd from a postgres database

I have a PostgreSQL database full of user accounts, and I would like to allow these users to access a server through ssh, using only public key authentication. So far, I have set up these parts on an Ubuntu Server: libnss-pgsql2 to connect NSS to…
6
votes
1 answer

How to use PAM to check LDAP password for some users, yet always use UID/GIDs from local files?

For a subset of my users in /etc/passwd, I would like to configure PAM (on Linux) to do the password checking part of the logon against an LDAP server, ignoring that these users are actually listed as disabled in /etc/passwd. Specially,…
Jason Kresowaty
6
votes
4 answers

kinit & pam_sss: Cannot find KDC for requested realm while getting initial credentials

I have a very similar problem as described in this thread on CentOS 6.3 authenticating against a 2008R2 AD DC. Here is my krb5.conf, I know for a fact that XXXXXXX.LOCAL is the true domain name: [logging] default = FILE:/var/log/krb5libs.log kdc =…
Sauraus
6
votes
1 answer

Need help understanding PAM directives

I have the following directives in my /etc/pam.d/sshd file on a RHEL5 box and I'm a bit confused. These directives are there to make LDAP+RADIUS+OTP work. What I'm trying to do is tell pam not to check users UID < 499 for LDAP+RADIUS+OTP and also to…
Sidd
6
votes
3 answers

LDAP and pam without binddn and anonymous access

I am working in a large company and can use its central read-only LDAP server remotely. The LDAP server does not allow anonymous binding. In order to use this server for authentication of the users on my small server with a pam module I need an…
Roman Byshko
6
votes
3 answers

Users cannot use crontab after password security upgrade

I have a box being upgraded from CentOS 5 to CentOS 6. On the original server, all users have MD5 passwords. The upgraded server is now using SHA-512 passwords. Users who have changed their password and have a SHA-512 password in /etc/shadow since…
Michael Hampton
6
votes
2 answers

How to grant su access to wheel without asking for password on FreeBSD?

I would like to grant users of the wheel group (other sysadmins) su access without being asked for password. I know how to do it with pam in linux, but the question now is for FreeBSD. I am not familiar with the syntax for FreeBSD's PAM subsystem.…
cstamas
6
votes
5 answers

Linux authentication via ADS -- allowing only specific groups in PAM

I'm taking the samba / winbind / PAM route to authenticate users on our linux servers from our Active Directory domain. Everything works, but I want to limit what AD groups are allowed to authenticate. Winbind / PAM currently allows any enabled…
Kenaniah
6
votes
4 answers

Ubuntu linux takes longer time for incorrect passwords

When I log into my Ubuntu 8.10 box with a correct password the system figures out almost instantaneously that the password is correct and logs me in. However, if I supply an incorrect password, it takes significantly longer to figure out that the…
Parag
6
votes
5 answers

Limiting Failed SSH Logins

I would like to limit failure retries on my Fedora machine to 5. I think I can accomplish it with PAM. But was unable to do this. I have referred to this article to do this: http://www.puschitz.com/SecuringLinux.shtml. Please provide suggestions.
nitins