Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
6 votes, 3 answers

cron+pam heavily spamming my logs

Two times every minute I get this in auth.log: May 12 15:21:01 ruptai CRON[25303]: pam_unix(cron:session): session opened for user root by (uid=0) May 12 15:21:01 ruptai CRON[25303]: pam_unix(cron:session): session closed for user root This never…
o0'.
6 votes, 3 answers

sudo taking long time

On an Ubuntu 9 64bit Linux machine, sudo takes a long time to start. "sudo echo hi" takes 2-3 minutes. strace on sudo shows poll("/etc/pam.d/system-auth", POLLIN) times out after 5 seconds and there are multiple calls (maybe a loop) to the same system…
Sam
6 votes, 5 answers

Multiple logins with pam_mount means multiple (redundant) mounts

I've configured pam_mount.so to automagically mount a cifs share when users log in; the problem is if a user logs in multiple times simultaneously, the mount command is repeated multiple times. This so far isn't a problem but it's messy when you…
Jamie
6 votes, 3 answers

LDAP Users Home Directories

I'm trying to set up Linux login via an LDAP server. I have everything working except setting the user's home directory. There is no parameter in the LDAP database that I can map to the homeDirectory attribute and I don't have the power to change…
Tom Kiley
5 votes, 1 answer

SSH works with expired Kerberos Password

I have set up SSH single sign-on using Kerberos V5. When a user's password has expired, it returns 'Warning: password has expired.' and allows the user to log in! I even made changes in the /etc/pam.d/password-auth such that pam_krb5.so comes above…
5 votes, 2 answers

PAM vs /etc/shadow in Dovecot SASL configuration - Security differences?

I set up a server with Postfix SMTP auth through Dovecot SASL. However, it was not possible to get the PAM authentication working as standard out of the box. So more by chance, I changed it to the shadow driver as explained in Dovecot…
smartmic
5 votes, 5 answers

Filter LDAP user through PAM so it appears to not exist at all

In our corporate environment long ago some wiz decided to put the user "mysql" into LDAP. The account is disabled: $ sudo su - mysql This account is currently not available. ...but its id still exists: $ id mysql uid=2050913(mysql) gid=867(ENG)…
rrauenza
5 votes, 1 answer

Use more complex AND/OR structure with PAM

PAM allows using sufficient and required for some logic, like auth sufficient pam_a.so auth required pam_b.so auth required pam_c.so which would mean "either a is true, or b must be true and then c must be true". Is it possible to do more complex…
allo
5 votes, 1 answer

Practical ulimits

One of the projects I'm working on is moving certain puppet-applied ulimit settings away from "that sounds about right" to dynamically allocated based on the environment. This is for single-application environments, so I'm mostly worried about…
sysadmin1138
5 votes, 2 answers

RHEL 6.5 web application PAM AUTH pam_oddjob_mkhomedir

I've got a RHEL 6.5 that authenticates against an AD server; that side is working fine. The machine is also running a web application that uses a PAM module to authenticate. I copied login to make a pam module for use by the web app. (rstudio-server)…
Frank Hauptle
5 votes, 2 answers

Public-Key -or- Password & Google Authenticator for SSH Login

I found an article (http://www.howtogeek.com/121650/how-to-secure-ssh-with-google-authenticators-two-factor-authentication/) that explains how to configure OpenSSH to ask for a Google Authenticator code upon a successful login. Is it possible to…
EduAlm
5 votes, 1 answer

How to restore pam configuration?

I made some modifications in the /etc/pam.d/common-auth, /etc/pam.d/common-account, /etc/pam.d/common-password, /etc/pam.d/common-session files. Is there any way to restore the default PAM configuration? I am using Ubuntu 12.04.
kannanrbk
5 votes, 1 answer

How to make exception in password locking via pam_tally2 for specific user?

I need to make an exception for a specific user, so that his failed logins are not counted by pam_tally2, and well, this is not a root account (I'd use magic_root then). Is it doable?
5 votes, 3 answers

sssd vs nslcd for RHEL-5/6

We have 50 RH-5 machines and 70 RH-6 machines. I am looking to decide what we should use for LDAP: nscd/nslcd for all RH-5/RH-6 servers nscd/nslcd for RH-5 servers, sssd for RH-6 servers sssd for all RH-5/RH-6 servers SSSD is available on both…
ujjain
5 votes, 4 answers

Locking a user's account locally when kerberos is enabled

I'm trying to set up Chef-managed accounts for a group of machines with the following characteristics: If there is no local account, login is blocked. If there is a local account with SSH keys, using those for authentication is possible. If there is…
Stephen C