hi everyone,
hope it to be a simple question..
is there a way to let one of PAM modules to just escape its authentication
phase and have something like template_user so it uses that user's home
configs and don't ask for user passwords or so?
i tried pam_permit.so in sufficient mode but don't
Hi,
I'm trying to authenticate Dovecot to Active Directory using the
SAMBA/Winbind method and so far my setup seems that everything is
working apart from the Dovecot authentication which I believe I have
traced to PAM.
I can login using an AD account using:
wbinfo -K user
# wbinfo -K user
On Jun 22, 2012 1:45 AM, Kaya Saman kayasa...@gmail.com wrote:
Hi,
I'm trying to authenticate Dovecot to Active Directory using the
SAMBA/Winbind method and so far my setup seems that everything is
working apart from the Dovecot authentication which I believe I have
traced to PAM.
I can
My system has root login via sshd disabled, and it is going to stay disabled.
I don't care if the whole of the entire internet tries to login as root,
because:
Root login is disabled.
However, syslog likes to print little warnings on my console, and in my
auth.log, everytime some bot tries.
I
12.12.2011 20:35, Matt Mullins wrote:
On Mon, Dec 12, 2011 at 1:40 AM, Volodymyr Kostyrkoc.kw...@gmail.com wrote:
10.12.2011 04:22, Matt Mullins wrote:
auth optional pam_deny.so
auth sufficient pam_unix.so no_warn try_first_pass
auth sufficient pam_krb5.so no_warn try_first_pass
Why you
On Mon, Dec 12, 2011 at 03:34:28PM -0600, Reid Linnemann wrote:
On Thu, Dec 8, 2011 at 10:45 AM, Michael W. Lucas
mwlu...@blackhelicopters.org wrote:
Hi,
I'm attempting to hook security/pam_ssh_agent_auth into sudo, and have
learned that PAM doesn't work the way I thought it did.
I'm
of trouble adjusting
to the semantics of FreeBSD's PAM configuration, it seems. The
following is what I have tried in /etc/pam.d/sshd:
auth optional pam_deny.so
auth sufficient pam_unix.so no_warn try_first_pass
auth sufficient pam_krb5.so no_warn try_first_pass
Why you just haven't changed
On Mon, Dec 12, 2011 at 1:40 AM, Volodymyr Kostyrko c.kw...@gmail.com wrote:
10.12.2011 04:22, Matt Mullins wrote:
auth optional pam_deny.so
auth sufficient pam_unix.so no_warn try_first_pass
auth sufficient pam_krb5.so no_warn try_first_pass
Why you just haven't changed the last line to
On Thu, Dec 8, 2011 at 10:45 AM, Michael W. Lucas
mwlu...@blackhelicopters.org wrote:
Hi,
I'm attempting to hook security/pam_ssh_agent_auth into sudo, and have
learned that PAM doesn't work the way I thought it did.
I'm running FreeBSD-9/i386, with sudo 1.7.2.6.
My goal is that sudo pass
of FreeBSD's PAM configuration, it seems. The
following is what I have tried in /etc/pam.d/sshd:
auth optional pam_deny.so
auth sufficient pam_unix.so no_warn try_first_pass
auth sufficient pam_krb5.so no_warn try_first_pass
This does what I want: tries Unix authentication, and for most users
with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation
pam_ldap-1.8.5 A pam module for authenticating with LDAP
And this is what happens in the ldap logs after making those changes:
Feb 26 19:58:43 LBSD2 slapd[54891]: conn=34934 op=3 SRCH
base=dc
of (mostly virtual) centos 5.5 machines.
But at the moment I am attempting to setup pam authentication for ssh
via LDAP and having some difficulty.
My /etc/pam.d/sshd file seems to be setup logically and correctly:
# PAM configuration for the sshd service
#
# auth
auth
functioning very nicely that
authenticates a network of (mostly virtual) centos 5.5 machines.
But at the moment I am attempting to setup pam authentication for ssh
via LDAP and having some difficulty.
My /etc/pam.d/sshd file seems to be setup logically and correctly:
# PAM configuration
installed
nss_ldap-1.265_4RFC 2307 NSS module
openldap-sasl-client-2.4.23 Open source LDAP client implementation
with SASL2 support
openldap-sasl-server-2.4.23 Open source LDAP server implementation
pam_ldap-1.8.5 A pam module for authenticating with LDAP
And this is what happens in the ldap
Hello List!!
I have an OpenLDAP 2.4 server functioning very nicely that
authenticates a network of (mostly virtual) centos 5.5 machines.
But at the moment I am attempting to setup pam authentication for ssh
via LDAP and having some difficulty.
My /etc/pam.d/sshd file seems to be setup
protocols: files
rpc: files
On Sat, Feb 26, 2011 at 2:55 PM, Tim Dunphy bluethu...@gmail.com wrote:
Hello List!!
I have an OpenLDAP 2.4 server functioning very nicely that
authenticates a network of (mostly virtual) centos 5.5 machines.
But at the moment I am attempting to setup pam
]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
.EXAMPLE.COM = EXAMPLE.COM
[appdefaults]
pam = {
debug = false
ticket_lifetime = 36000
renew_lifetime = 36000
forwardable = true
krb4_convert = false
}
/usr/local/etc/openldap/ldap.conf
host gnv-dc3-tmp.example.com
base dc=example,dc=com
ldap_version 3
Christopher J. Ruwe c...@cruwe.de writes:
I am trying to implement the feature to set a random password like in
BSD pw usermod -W in the Solaris passwd. Regrettably, I have not
found or perhaps not understood the PAM API documentation on how to
_inject a given string_ into the change-auth
On Wed, 05 Jan 2011 11:45:08 +0100
Dag-Erling Smørgrav d...@des.no wrote:
Christopher J. Ruwe c...@cruwe.de writes:
I am trying to implement the feature to set a random password like
in BSD pw usermod -W in the Solaris passwd. Regrettably, I have
not found or perhaps not understood the PAM
Hi,
First, I'd like to apologise for my choice of lists to post to ... the
question is more PAM-specific than FreeBSD, but the idea comes from
BSD, so I hope someone will have an idea or knows where to turn to (and
I don't know where to turn else).
I am trying to implement the feature to set
on and it is ALL happening through PAM!! Well almost all of
it..
The one sticking point I am currently having is getting sudoers to
authenticate against LDAP.
The server is FreeBSD 8.1 but the clients are all CentOS 5.4.
Although, knowing this shouldn't make much difference in how this
works
..
At this point I have an openLDAP server that is working quite splendidly! :)
I have a working directory with users able to authenticate it and TLS
turned on and it is ALL happening through PAM!! Well almost all of
it..
The one sticking point I am currently having is getting sudoers to
authenticate
Hello List
I am attempting to setup various pam modules to consult our new LDAP
services in order to do what it needs to do. My LDAP server is FreeBSD
but the clients are CentOS...
I have setup my /etc/pam.d sudo file on the client (for example) this
way in the attempt to accomplish this via
Hello.
I'd like to have every service on my systems authenticating via Samba
(through PAM).
With older, now deprecated, 3.0.x version, I did this through
security/pam_smb: no problems at all.
Since 3.0 was removed, I tried upgrading to 3.4 on one box: since then I
am not able
On 11/1/2010 6:34 AM, Andrea Venturoli wrote:
Hello.
I'd like to have every service on my systems authenticating via Samba
(through PAM).
With older, now deprecated, 3.0.x version, I did this through
security/pam_smb: no problems at all.
Since 3.0 was removed, I tried upgrading
On 11/01/10 12:49, Tim Daneliuk wrote:
Be aware that the samba password directory moved from /usr/local/etc/samba
to /usr/local/etc/samba34
Thanks, I know, but that's not the problem.
pamsmbd doesn't read the password file directly; instead it asks smbd.
I discovered it uses LanMan
Well in fact, I guess this is an automated break-in attempt coming from
a virus or troyan.
But, I already got such attacks in the past and never had this strange
PAM message.
You probably have somebody trying (succeeding?, I have no idea,) to
break in.
I have one machine for the net
Hello guys,
has anyone got these messages :
Oct 16 11:24:54 coruscant sshd[2690]: User root from 89.211.244.245 not
allowed because none of user's groups are listed in AllowGroups
Oct 16 11:24:55 coruscant sshd[2690]: fatal: Internal error: PAM auth
succeeded when it should have failed
FYI, I
The su(1) command always provide root access if there are no pam config
files. Is this actually the desired behavior?
Regards,
Jason C. Wells
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
Hi,
problem solved. It is only FreeBSD 9 (CURRENT) issue.
If anyone would have problem like this, solution is available here:
http://lists.freebsd.org/pipermail/freebsd-current/2010-January/015236.html
Regards
--
Piotr Buliński
Informatyka na Wydziale Elektrycznym
Politechnika Warszawska
works perfectly with users from LDAP server
(so I assume that PAM is configured correctly).
After that, I've tried to make a simple test with program below:
===
#include sys/types.h
#include pwd.h
#include stdarg.h
#include stdio.h
#include unistd.h
int
main(int argc, char **argv
in the PAM configuration; I simply don't know how.
So, my questions are:
1. Should I be concerned about it?
2. How do I fix it?
If you need any more info, please let me know. I'll be happy to post any
config files, e.g. xorg.conf or my KERNCONF file (perhaps I've missed
something important
Hi All
Currently I have got pam authenticating against ldap and mkhomedir
creating the home directories, but they are created owned as root:wheel
and the user can't write to their own home directory -- I have read the
man page for pam_mkhomedir, the only way I see it working at the moment
Craig Butler wrote:
Currently I have got pam authenticating against ldap and mkhomedir
creating the home directories, but they are created owned as root:wheel
and the user can't write to their own home directory -- I have read the
man page for pam_mkhomedir, the only way I see it working
are correct).
My PAM configurations is:
/etc/pam.d/imap:
authrequired pam_krb5.so try_first_pass debug
I tried with testsaslautd -u username - password different combinations of
user names and passwords. As expected the wrong ones would be denied. But I
get no PAM_SUCCESS
support
openldap-sasl-server-2.4.16 Open source LDAP server implementation
pam_ldap-1.8.4_1A pam module for authenticating with LDAP
From O'Reilly's OpenLDAP book and other sources I got the information,
that tha tags
pam_groupdn
pam_member_attribute
can be used in conjunction with 'uid
O. Hartmann schrieb am 27.04.2009 09:48 (localtime):
...
This is what I wish to get and need:
A simple capability of selecting users into a specific group. Members of
such a group should then log into a set of specific hosts.
Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE
[dropping -current from CC]
O. Hartmann wrote:
A simple capability of selecting users into a specific group. Members of
such a group should then log into a set of specific hosts.
Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes
(acting as server) as well as OpenLDAP
Hello!
Finally I managed to find some time to apply the libc update to our server
running FreeBSD 7.0 i386. I applied the patch as described in the section
titled To patch your present system: of the advisory.
I didn't notice any errors during the entire process, but after it was
complete I
is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes
(acting as server) as well as OpenLDAP backend.
Authentication on boxes is done via PAM/ldap_pam. But it is on FreeBSD's
side a vanilla configuration, not very sophisticated. Users autheticate
and authorize against an OpenLDAP server
i had some trouble because of corrupted indices with ldap. running
slapindex fixed, it. can you try that?
alwin
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:
openldap-sasl-client-2.4.16 Open source LDAP client implementation with
SASL2 support
openldap-sasl-server-2.4.16 Open source LDAP server implementation
pam_ldap-1.8.4_1A pam module for authenticating with LDAP
From O'Reilly's
.
I think that this is the problem but I don't have a clue how to solve it.
I can't understand why it sends an incorect password, and most
important which of ssh, pam, pam_ldap has the problem.
Any ideas?
O/H Panos έγραψε:
O/H Emiel van de Laar έγραψε:
On Apr 17, 2009, at 11:04 PM, Panos
credentials.
I think that this is the problem but I don't have a clue how to
solve it.
I can't understand why it sends an incorect password, and most
important which of ssh, pam, pam_ldap has the problem.
Any ideas?
On 2009, Apr 23, at 09:54, Panos wrote:
Anyone?
With the later message
O/H Emiel van de Laar έγραψε:
On Apr 17, 2009, at 11:04 PM, Panos wrote:
hello I'm trying to setup an ldap for authenticating users.
I think that the ldap server is ok
but ssh gives me an error PAM authntication error illigal user XXX
from XXX.XXX.XXX.XXX
I think that something is wrong
O/H Benjamin Lee έγραψε:
On 04/17/2009 02:04 PM, Panos wrote:
hello I'm trying to setup an ldap for authenticating users.
I think that the ldap server is ok
but ssh gives me an error PAM authntication error illigal user XXX from
XXX.XXX.XXX.XXX
I think that something is wrong when pam-ldap
but I don't have a clue how to solve it.
I can't understand why it sends an incorect password, and most important
which of ssh, pam, pam_ldap has the problem.
Any ideas?
O/H Panos έγραψε:
O/H Emiel van de Laar έγραψε:
On Apr 17, 2009, at 11:04 PM, Panos wrote:
hello I'm trying to setup
hello I'm trying to setup an ldap for authenticating users.
I think that the ldap server is ok
but ssh gives me an error PAM authntication error illigal user XXX from
XXX.XXX.XXX.XXX
I think that something is wrong when pam-ldap is quering tο ldap.
Fisrt I thounght that was acl problem so I
On 04/17/2009 02:04 PM, Panos wrote:
hello I'm trying to setup an ldap for authenticating users.
I think that the ldap server is ok
but ssh gives me an error PAM authntication error illigal user XXX from
XXX.XXX.XXX.XXX
I think that something is wrong when pam-ldap is quering tο ldap.
Fisrt
On Apr 17, 2009, at 11:04 PM, Panos wrote:
hello I'm trying to setup an ldap for authenticating users.
I think that the ldap server is ok
but ssh gives me an error PAM authntication error illigal user XXX
from XXX.XXX.XXX.XXX
I think that something is wrong when pam-ldap is quering tο ldap
Hi,
Could someone confirm my understanding:
1) things like getent(1), getpwnam(3) use:
/etc/nsswitch
/usr/local/etc/nss_ldap.conf
2) things like sshd, with pam_ldap use:
/usr/local/etc/ldap.conf
So if I have different filter in /usr/local/etc/nss_ldap.conf and
/usr/local/etc/ldap.conf
I'm trying to make cyrus work with saslauthd + pam, but having no luck.
# imtest -m PLAIN -a test
WARNING: no hostname supplied, assuming localhost
S: * OK [CAPABILITY IMAP4 IMAP4rev1 LITERAL+ ID AUTH=LOGIN AUTH=PLAIN
AUTH=DIGEST-MD5 AUTH=CRAM-MD5 SASL-IR] [myserver] Cyrus IMAP v2.3.13 server
john's home
directory if NFS mounted from the file server, but I don't want john
to be able to log onto the web server.
Of course certain users will be allowed to log onto the web server.
How can this be done with LDAP and PAM.
TIA,
Olivier
___
freebsd
from the file server, but I don't want john
to be able to log onto the web server.
Of course certain users will be allowed to log onto the web server.
How can this be done with LDAP and PAM.
TIA,
Olivier
If you don't want to let users logon to server through SSH you can use
DenyUsers/AllowUsers
these by removing the pam_nologin module from the auth list in my sshd
pam config file.
My current pam sshd configuation file is as follows:
# auth
authrequiredpam_krb5.so no_warn
try_first_pass
#authrequiredpam_unix.so no_warn
Date: Tue, 19 Aug 2008 14:02:59 +0200
Recently I have been seeing lots of connections to my sshd trying to
guess passwords. One thing I noticed was the hostname reported in the
auth.log without reverse dns. sshd never puts in the ip address, this
is all I see:
sshd[14450]: error: PAM
All,
I am having a wierd problem with sudo on a FreeBSD 7 system that is
joined to AD domain through Samba. When I sudo a command, when prompted
for a password, any password including a blank one works. Obviously a
security issue.
Here are the config files:
/usr/local/etc/sudoers
root
Recently I have been seeing lots of connections to my sshd trying to guess
passwords. One thing I noticed was the hostname reported in the auth.log
without reverse dns. sshd never puts in the ip address, this is all I see:
sshd[14450]: error: PAM: authentication error for illegal user access
see:
sshd[14450]: error: PAM: authentication error for illegal user access from
host1.xxx.br
Is it possible to get pam or sshd or whatever is ultimatly logging this to
put the ip address in the log so I can see where this is really coming from?
Michael Grant
Ths seems to work:
Put
On Friday 11 July 2008 02:03:04 Tim Judd wrote:
I can't quote easily what the difference
between NSS and PAM is
PAM is a module that abstracts authentication, it does not authenticate
itself, yet asks providers if the information passed to it is correct and
then relays this to the application
just went through the motions and really was not sure
what all I did...but it worked. Now I want to understand
everything so that I know exactly what all I did. :)
I have the following:
I installed OpenLdap which put ldap.conf in /usr/local/etc/openldap.
I installed PAM which put
to understand everything so that I know exactly what all I did. :)
I have the following:
I installed OpenLdap which put ldap.conf in /usr/local/etc/openldap.
I installed PAM which put ldap.conf.dist in /usr/local/etc.
I installed NSS which put nss_ldap.conf in /usr/local/etc.
From looking
to understand everything so that I know exactly what all I did. :)
I have the following:
I installed OpenLdap which put ldap.conf in /usr/local/etc/openldap.
I installed PAM which put ldap.conf.dist in /usr/local/etc.
I installed NSS which put nss_ldap.conf in /usr/local/etc.
From looking at them I
...but it worked. Now I
want to understand everything so that I know exactly what all I did. :)
I have the following:
I installed OpenLdap which put ldap.conf in /usr/local/etc/openldap.
I installed PAM which put ldap.conf.dist in /usr/local/etc.
I installed NSS which put nss_ldap.conf in /usr/local/etc
Hi all
I'm trying to getting PAM up inside a chroot. I'm using FreeBSD 7.0 on i386.
su -l shows following error:
su: pam_start: system error
strace su -l shows following failures:
access(/etc/localtime, R_OK) = 0
open(/etc/localtime, O_RDONLY)= 4
fstat(4, {st_mode=S_IFLNK
Hi,
I'm trying to set up Exim in a jail to authenticate using the
security/pam_pop3 port. Exim authenticator:
plain:
driver = plaintext
public_name = PLAIN
server_prompts = :
server_condition = ${if pam{$auth2:${sg{$auth3}{:}{::
server_set_id = $2
The jail hasn't /etc/pam.conf
P.S. I posted:
I'm trying to set up Exim in a jail to authenticate using the
security/pam_pop3 port.
Exim runs not as root when authenticating, so neither Exim nor PAM it called
can read master.passwd, it's why I need pam_pop3.
/etc/pam.d/exim contains one line:
auth required /usr/local
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dan Nelson wrote:
In the last episode (Apr 01), Chuck Robey said:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can't figure out what this message below means to me:
Mar 31 17:12:02 april sshd[26150]: in openpam_dispatch(): pam_nologin.so: no
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can't figure out what this message below means to me:
Mar 31 17:12:02 april sshd[26150]: in openpam_dispatch(): pam_nologin.so: no
pam_sm_authenticate()
I have guessed it meant I had something wrong with my login.access, but I wasn't
able to find
In the last episode (Apr 01), Chuck Robey said:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I can't figure out what this message below means to me:
Mar 31 17:12:02 april sshd[26150]: in openpam_dispatch(): pam_nologin.so: no
pam_sm_authenticate()
I have guessed it meant I had
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
My messages file is getting completely blasted by error lines like this:
Mar 13 11:16:03 april sshd[80704]: in openpam_dispatch(): pam_nologin.so:
no pam_sm_authenticate()
Anyone got any idea what's causing this?
-BEGIN PGP SIGNATURE-
http://lists.freebsd.org/pipermail/freebsd-questions/2007-September/159008.html
That cover you?
On Thu, 2008-03-13 at 14:36 -0400, Chuck Robey wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
My messages file is getting completely blasted by error lines like this:
Mar 13 11:16:03
Hello.
I use FreeBSD 7.0-BETA on servral boxes with different architectures
(i386/amd64). Users within our network have to autheticate against an
OpenLDAP Server via PAM. I have the annoying problem that every user
getting autenticated needs a public key and the passphrase set in the
ssh
Hello:
On Dec 16, 2007, at 7:06 AM, O. Hartmann wrote:
Hello.
I use FreeBSD 7.0-BETA on servral boxes with different architectures
(i386/amd64). Users within our network have to autheticate against
an OpenLDAP Server via PAM. I have the annoying problem that every
user getting
Hello all,
In looking through some pam stuff I find that there's a pam_passwdqc
module to do password quality control.
However, in reading the passwd man page, NO mention is made of either pam,
or /etc/pam.d/passwd
Is passwd a legacy tool which doesn't support this pam feature?
-Dan
/ldap.conf (for both pam_ldap and nss_ldap, linked), but
this doesn't help much I guess.
Due to the fact ssh login does not work, I will show you my
/etc/pam.d/sshd file, which looks like this:
=
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration
seem to be the case in practice! I
have keys setup for root to login, but instead of letting me in with
those keys, SSHD ignores them, passes me to PAM for password prompting
(three times) and the denies me out! Very strange.
PermitRootLogin forced-commands-only
This requires that a command
for root to login, but instead of letting me in with those keys,
SSHD ignores them, passes me to PAM for password prompting (three times)
and the denies me out! Very strange.
PermitRootLogin forced-commands-only
This requires that a command be present in the authorized_keys
file for a given key
On Monday 01 October 2007 20:29, Brian A. Seklecki wrote:
On Mon, 1 Oct 2007, Jonathan McKeown wrote:
The passwd(1) program was rewritten some time ago to use PAM, but a test
was left in which prevents it doing so. I have asked, both on this list
and on freebsd-hackers in the last few weeks
know how to trace the
communication paths between the pam/nss clients and the OpenLDAP server.
At the beginning of setting up the environment, I followed strictly
suggestions and examples shown in the OpenLDAP tutorials from OpenLDAP
itself - but with no success! Other tutorials around the web
On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:
FreeBSD 5.x and 6.x work fine with both PAM and NSS - LDAP w/ TLS
(PKI).
All other services (RADIUS, Apache ((mod_ldap, mod_pam_auth), PHP,
interactive shell, SFTP, etc.) can be tied into LDAP either directly or
via PAM
Does it log in as the LDAP user or the PAM super-user to do the attribute
change? I'll check out the source...but that's great news. ~BAS
On Mon, 1 Oct 2007, Jonathan McKeown wrote:
On Friday 28 September 2007 16:29, Brian A. Seklecki wrote:
FreeBSD 5.x and 6.x work fine with both PAM
On a fresh install of FreeBSD 6.2 (amd64), I've run into a problem
with sshd and PAM. When the box first boots up, I cannot ssh in. I am
immediately disconnected. If I look in /var/log/auth.log, I see:
Sep 29 03:20:47 pflog sshd[68798]: in openpam_load_module(): no
pam_opieaccess.so found
Sep 29
Any ideas? I tried doing an ldd on /usr/lib/pam* inside the
/etc/rc.d/sshd script, but the output is identical when it starts up
on boot as when I restart it. No missing libraries/etc.
Problem solved! In going from 32-bit to 64-bit, my login.conf really
needed to change. I had a default memory
/etc/pam.d/sshd to this:
#
# $FreeBSD: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the sshd service
#
# auth
authsufficient pam_opie.so no_warn
no_fake_prompts
authrequisite pam_opieaccess.so no_warn
, I'm confused and not very firm with OpenLDAP/PAM/NSS stuff,
especially if SSL/TLS come into play and I would like to ask those
herein administering those setups, especially within a hybrid NFS/SAMBA
fileservicing environment, where to find up to date
informationes/howto/tipps.
Most websites
FreeBSD 5.x and 6.x work fine with both PAM and NSS - LDAP w/ TLS
(PKI).
All other services (RADIUS, Apache ((mod_ldap, mod_pam_auth), PHP,
interactive shell, SFTP, etc.) can be tied into LDAP either directly or
via PAM.
As for password change, I don't know if anyone has a passwd(1) binary
: src/etc/pam.d/sshd,v 1.16 2007/06/10 18:57:20 yar Exp $
#
# PAM configuration for the sshd service
#
# auth
authsufficient pam_opie.so no_warn
no_fake_prompts
authrequisite pam_opieaccess.so no_warn allow_local
#auth sufficient
CyberLeo Kitsana wrote:
Rakhesh Sasidharan wrote:
Any ideas or nudges in the right direction as to why this is happening?
Looks like I've understood the interaction between SSH and PAM wrong
here, so would appreciate some enlightenment.
According to my understanding of the SSH protocol
On Wednesday 26 September 2007 11:02:26 Rakhesh Sasidharan wrote:
CyberLeo Kitsana wrote:
Rakhesh Sasidharan wrote:
Any ideas or nudges in the right direction as to why this is happening?
Looks like I've understood the interaction between SSH and PAM wrong
here, so would appreciate some
-password
PasswordAuthentication no
UsePAM yes
8---
The idea being that I use Public Key authentication. No password
authentication. Yes to PAM authentication etc (my understanding is that
*if* Public Key auth fails then this is invoked). And root
On Tue, 25 Sep 2007 15:56:22 +0400 (GST) Rakhesh Sasidharan wrote:
Any ideas or nudges in the right direction as to why this is happening?
Looks like I've understood the interaction between SSH and PAM wrong here,
so would appreciate some enlightenment.
I'm not sure if I can offer any
Christian Baer wrote:
On Tue, 25 Sep 2007 15:56:22 +0400 (GST) Rakhesh Sasidharan wrote:
Any ideas or nudges in the right direction as to why this is happening?
Looks like I've understood the interaction between SSH and PAM wrong here,
so would appreciate some enlightenment.
I'm not sure
Rakhesh Sasidharan wrote:
Any ideas or nudges in the right direction as to why this is happening?
Looks like I've understood the interaction between SSH and PAM wrong
here, so would appreciate some enlightenment.
According to my understanding of the SSH protocol, you're continually
asked
I just installed 7.0-CURRENT (after someone said on this list that it's
very stable and there are very few bugs left). So far it seems to work
fine, but there's one thing that bothers me. I repeatedly get the
following messages in the console:
in openpam_dispatch(): pam_nologin.so: no
PAM-aware software (like
fetchmail and qpopper) so PAM warns you they didn't call the proper
functions.
2. How do I get rid of the messages? No matter how severe they are, I do
NOT want them filling up the console. So how could I correct the problem?
Silence it by altering auth.notice
PAM-aware software (like
fetchmail and qpopper) so PAM warns you they didn't call the proper
functions.
2. How do I get rid of the messages? No matter how severe they are, I do
NOT want them filling up the console. So how could I correct the problem?
Silence it by altering auth.notice
? Should I assume that there are
security holes?
Don't think so. I think you didn't recompile PAM-aware software (like
fetchmail and qpopper) so PAM warns you they didn't call the proper
functions.
2. How do I get rid of the messages? No matter how severe they are, I do
NOT want them
PAM-aware software (like
fetchmail and qpopper) so PAM warns you they didn't call the proper
functions.
2. How do I get rid of the messages? No matter how severe they are, I do
NOT want them filling up the console. So how could I correct the problem?
Silence it by altering auth.notice
? Should I assume that there are
security holes?
Don't think so. I think you didn't recompile PAM-aware software (like
fetchmail and qpopper) so PAM warns you they didn't call the proper
functions.
2. How do I get rid of the messages? No matter how severe they are, I do
NOT want them
1 - 100 of 269 matches
Mail list logo