Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

752 questions
5
votes
2 answers

cgroup fork rejected by pids controller

Have a small server program written in C/C++ that uses nginx and Postgres, currently all are hosted on the same ubuntu system. I usually run the server program from the bash command line. Recently on the newer versions of Ubuntu, when the server…
myk
  • 181
  • 1
  • 6
4
votes
1 answer

Echo something before SSH prompt with pam_exec

I want to echo some text from a pam_exec script after a successful SSH login (pubkey) but before the script itself exits (2FA purposes). Whatever the script prints during its execution is displayed when the script…
Riccardo Salve
  • 41
  • 5
4
votes
1 answer

PAM with pam_krb5 to authenticate nginx requests

I am aware of the gazzilion pam / nginx questions here and on "Unix/Linux" but they are either unanswered or not related to my setup - so i try again :) TL;dr While the setup works perfectly with an Apache+mod_kerb_auth combination, i fail to get…
Eugen Mayer
  • 327
  • 1
  • 5
  • 15
4
votes
3 answers

Modifying pam with Ansible

As part of a new server setup, I provision /etc/security/access.conf with user/group and src IP addresses of allowed ssh logins. This requires enabling pam_access in the /etc/pam.d/login and /etc/pam.d/sshd files (on Ubuntu anyway) It seems Ansible…
Server Fault
  • 3,714
  • 12
  • 54
  • 89
4
votes
1 answer

Why can't I use pam_echo.so in the sudo pam stack?

I have a CentOS 7 machine where I'd like to display a message when authentication fails during sudo. I tried to do this by adding a pam_echo line in /etc/pam.d/sudo. For testing, I created a file, /etc/security/foo, that contains the string…
Steve F
  • 351
  • 1
  • 2
  • 9
4
votes
1 answer

Synchronise Samba 4.4 passwords with the Unix password database

I run a small Samba 4.4 server, and I would like to keep the Samba password database in sync with the Unix password database. I would like the Samba password to be updated when a user changes their password with the traditional Unix passwd program.…
Kaypro II
  • 302
  • 1
  • 4
  • 11
4
votes
2 answers

SSSD AD synchronization fails after Active Directory UPN change

I have recently run into a problem with my AD integration on a number of debian boxes. I use SSSD and krb5 to allow PAM to synchronize and authenticate users against the Active Directory. This has been working for over a year, until the AD…
Martin Nielsen
  • 73
  • 3
  • 12
4
votes
2 answers

Allow both domain users *and* local users to Centos 7 server

I need to allow domain users (userid and password) access to a Centos 7 server, as well as local users (SSH key/passwordless). I have configured sshd_config with both AllowUsers and AllowGroups and assumed that if I added the local user to those it…
machinist
  • 71
  • 1
  • 1
  • 6
4
votes
3 answers

Apache 2.4 replacement for mod_auth_shadow?

My employer has been running RHEL 6.x and Apache httpd 2.2 for many years. We are currently in the process of migrating to new hardware running RHEL 7.1 and Apache httpd 2.4. Our current web site has various locations that contain downloadable…
Eric Chevalier
  • 51
  • 3
4
votes
1 answer

Display different motd file based on group

Is it possible in ubuntu to print a different motd file based on the group of the user that is logging in? I want to display different motd messages for admins and regular users when they login to my ubuntu 9.10 server. I've looked at the PAM…
Baversjo
  • 143
  • 6
4
votes
1 answer

openldap user can't login when using tcsh

I would appreciate any help in the following problem: I have an openladp (2.3.39) server (Fedora 8) which authenticates users from other ldap clients (various versions of Fedora). On my attempt to upgrade the whole infrastructure, ldap users with…
trian
  • 51
  • 3
4
votes
2 answers

AWS Simple AD: "KDC has no support for encryption type" for users created with adtool, but not with MS Management Console

Background I am trying to log in (via SSH, to an Amazon Linux EC2 instance running sssd) as users that I've created in my AWS Directory Services Simple AD. I am authenticating with kerberos and identifying the user with LDAP (all through…
2rs2ts
  • 325
  • 3
  • 11
4
votes
1 answer

PAM with LDAP and add an exception for local user

I've successfully configured LDAP and SSH. Also I've added a requirement that user should be in a group called admin. That works. /etc/ldap.conf ... pam_groupdn cn=admin,ou=Groups,dc=example,dc=com ... /etc/pam.d/sshd ...default ubuntu values…
kay
  • 329
  • 3
  • 9
4
votes
0 answers

Ldap client on CoreOS

Has anyone setup ldap on CoreOS before? If so, how does one do such a task? I have a cluster of CoreOS machines and I'm trying to hook up this service Foxpass https://www.foxpass.com/ to it for user management. Yet, I can't seem to get the proper…
Christian Grabowski
  • 559
  • 1
  • 5
  • 18
4
votes
1 answer

LDAP authentication fails

I try to set up an LDAP directory that will allow me to authenticate Debian users. Once the configuration of the LDAP server and PAM files is done, the authentication fails. I think the client doesn't find the ldap user into the directory. When I…
EAI
  • 43
  • 1
  • 1
  • 5
1 2 3
50 51