Newest pam Questions

Q&A for system and network administrators

Use phpLDAPadmin to force users to change their password

I set up an LDAP server and configured several machines to authenticate using that server. These guides got me through setting up user accounts, putting them in designated groups, etc. all using ...

How to change the Default Shell Properties to Bash for non-local accounts that use Active Directory

We did an integration of CentOS 6 with Active Directory. I would like to know how to change the Default Shell Properties to Bash for non-local accounts. For the local accounts we use chsh -s /bin/...

Postfix: Can't send email to myself

I'm new to postfix. Receiving e-mails works fine, but I can't send email to myself, such as test1@mydomain123.com to test1@mydomain123.com. ERR:User not found. Just while using SMTP from external hosts. ...

Public SSH logins with no authentication at all

I want to create a public service that I want to share via SSH. Like the famous Star Wars telnet towel.blinkenlights.nl but via SSH. For this purpose I want to accept any user without any ...

Allow both domain users *and* local users to CentOS 7 server

I need to allow domain users (userid and password) access to a CentOS 7 server, as well as local users (SSH key/passwordless). I have configured sshd_config with both AllowUsers and AllowGroups and ...

VSFTPD error 530 on fresh install

I need to set up an FTP server and SFTP server on EC2 supporting both password and cert logins. I just used the stock RHEL and Amazon AMIs and I can't login to either. $ sudo yum install vsftpd $ ...

Can ssh generate a kerberos ticket? (FreeBSD)

TL;DR I want to be able to ssh from a FreeBSD host to a FreeBSD host, using my kerberos ticket generated when I first logged in. Question Environment FreeBSD 10.3 with working openldap-sasl-client,...

Why is the $PAM_RHOST env var not set by openssh-server

I have a script running called from /etc/pam.d/sshd with the following line: session optional pam_exec.so /usr/local/bin/notify-login The script gets called as expected every time someone ...

SSH login with defined authentication methods

I have a small server, and I would like to be able to login using SSH with 2 methods: Public key Password and then a PAM made in Python I successfully installed libpam-python, and added this line to ...

pam_winbind is logging passwords

Occasionally, a systemd unit using a pam module that uses pam_winbind logs a user's password. Systemd unit log: Mar 25 15:47:41 display-server node[5969]: pam_succeed_if(grooming:auth): requirement "...

configure linux login against active directory ldap

I have a bit of a complicated situation and I haven't yet been able to solve it with the information I found here and the internet. I have a user that is allowed to bind to the backend ldap server ...

Writing a pam_python module: “KeyError: getspnam(): name not found”

I'm using a pam_python module to log usernames and passwords used in SSH attempts. in /etc/pam.d/sshd I added this line: auth requisite pam_python.so /lib64/security/pwreveal.py This is /...

PAM LDAP connect and bind flow

I'm managing a very strange case and I need help from an expert on PAM LDAP. My architecture is: Linux (LDAP CLIENT) -> ODSEE (LDAP SERVER) -> ACTIVE DIRECTORY The ODSEE is configured to perform a ...

Two factor authentication for password login but not for login using key files

I configured ssh to use key files situated in ~/.ssh to login. Now I'd like to install two factor authentication when using a password, but not required when using key files. I've seen how to ...

How to local user login(PAM) with MySQL?

The MySQL server has already been configured and can be remotely accessed from the client. The client is debian and has installed 'libpam-mysql'. What additional settings should I set for the local ...

Recording Commands Run by a User on RHEL5

I am trying to use pam_tty_audit to record every command run by a user. I SSH into the RHEL5 host and run sudo -i and then appended session required pam_tty_audit.so disable=* enable=root ...

fail2ban logs for failed ssh logins doubled - is it safe to edit sshd filter settings?

Here is what I recently recognised: If I fail an ssh login once, there are 2 [sshd] Found entries in my fail2ban logs /var/log/fail2ban.log: 2016-07-29 15:12:27,856 fail2ban.filter [17476]: ...

Pam LDAP request returns wrong credentials (49)

I am trying to set up pam authentication using ldap from Debian jessie to an SLES11 server without success. I always receive a wrong credentials return although it can successfully bind using ...

Postfix + Dovecot login fail only in IMAP

Sorry in advance because I'm sure the problem is stupid, but after two days trying different configurations from Google and Serverfault it's still not working. I'm a newbie in Postfix/Dovecot. After ...

SSH key authentication login issue with PAM

After setting up key authentication for SSH I'm having the following error: ssh remoteHost System is going down. Connection to remoteHostAddress closed by remote host. Connection to ...

Unable to authenticate via pam winbind using external domain credentials

I have a Linux server in my DMZ joined to a domain we'll call "DMZ". The "DMZ" domain has an external, outgoing, non-transitive trust with another domain we'll call "INSIDE". Winbind appears to ...

Unable to authenticate to AD using Kinit - cache file not found

I'm trying to set up Winbind with PAM and Kerberos to authenticate CentOS 7 against active directory. So far this is what I've done: yum -y install authconfig krb5-workstation pam_krb5 samba-common ...

How do I set PAM_RUSER when log in into ssh server?

I'm trying to log all ssh connections with logger and notification by mail. I have followed this : #179889 #!/bin/sh sender="xxx" recepient="xxx" if [ "$PAM_TYPE" != "close_session" ]; then ...

SSH Lockout after failed login attempts

I have an Ubuntu Server for my git repositories and other stuff. Sometimes someone is trying to hack it (I think it's ok for servers) and after a few failed login attempts SSH is locking out. I mean no one ...

Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access

I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the ...

Add all network users to local group for specific hosts in CentOS7

How would I add a network (sssd-ldap) user to a local group? More specifically, how can I add all network users who log into a system to a local group? It doesn't look like authconfig has a setting ...

Kerberos SSH/PAM login like AD

I've recently been trying to set up a new Ubuntu server environment, we've wanted to set up a single sign on system that functions similar to good old Windows AD. In this case you would SSH with a ...

could not login to system even on console after selinux relabling [closed]

So I was installing a software and later realized it disabled selinux of my system(running fedora server), so then I enabled selinux again and upon the reboot the system requires selinux relabeling of ...

can't su to a local account

I am trying following this guide to give root privileges to a user called deploy. But I am unable to su to deploy user. Steps I have taken, logged in as a root user then I added the deploy which is ...

Apache 2.4 replacement for mod_auth_shadow?

My employer has been running RHEL 6.x and Apache httpd 2.2 for many years. We are currently in the process of migrating to new hardware running RHEL 7.1 and Apache httpd 2.4. Our current web site has ...

Use xfreerdp as Window Manager with single sign-on through pam

I manage some workstations that run Linux and different flavours of BSD. Some of my users prefer to use Windows, and for them there is a terminal server set up which they can use. For their ...

Log in as unix user using password stored in htpasswd

I know it is possible to log in to vsftpd using htpasswd (libpam-pwdfile) but in every tutorial I read, they use virtual users. My users are not virtual, they are local users I added using "adduser" ...

sftp prompt hangs on ls with chroot users authenticated with pam_mysql

OS: ubuntu 14.04 I setup pam_mysql, and it's working. I can login sql users via regular ssh/sftp just fine. The problem comes when I try and sftp using CHROOT sql users. Anytime ls is entered it ...

Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)

What I did: Installed libpam-ldapd Set up /etc/ldap/ldap.conf Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP). Set ...

Confirm user_readenv is off in pam_env module

I firstly wanted to say "thank you!" for all the support that I have gained by reading the articles on this site - a major benefit for a web developer donning a sysadmin hat... We are currently ...

Automatically create home directory on NFS after LDAP login

My current situation is that I can successfully authenticate using ldap and pam, I also succeeded to use pam_mkdir to autocreate home directories in the /home filesystem. What now I'm trying to ...

What can be learned about a user from a failed SSH attempt?

What can be learned about a 'user' from a failed malicious SSH attempt? User name entered (/var/log/secure) Password entered (if configured, i.e. by using a PAM module) Source IP address (/var/log/...

Unable to login with SSH after configure LDAP authentication

I have a CoreOS server which I connected to my LDAP server. I get a correct answer after using id and ldapsearch commands. However, I am still not able to login with SSH. I can see on sssd_LDAP.log ...

CentOS 6 ssh is not prompting for the verification code?

I have installed the pam radius rpm package, and successfully configured /etc/pam.d/sshd, /etc/ssh/sshd_config, & /etc/pam_radius.conf. I know it is working, as I am getting a push notification to ...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

Commenting out or removing an @include from /etc/pam.d/sshd with augtool

How can I either comment out or remove the "@include common-auth" line in /etc/pam.d/sshd? The default content is: ... # Standard Un*x authentication. @include common-auth ... The lens ...

Should SSSD perform AD access validation for matching local users?

I have been spending many, many happy hours exploring the sssd configuration needed to integrate RHEL7 and Active Directory. A large portion of those have included looking through the many posts here ...

Using server IP in PAM LDAP query

In our company we have a lot of servers (at this moment around 20, numbers increasing). Not all LDAP users are allowed to get access to the same servers. My idea is to make one user group per server ...

Enforce PAM password change through tacacs

We are using tac_plus 4.04 on a RHEL 7 server. Tacacs is set up for PAM authentication. Everything is working properly, however I would like the ability to enforce a user password change through tacacs....

Activating PAM configuration for Percona

I'm trying to configure Percona with LDAP support via PAM including group mappings and restriction. My Percona authentication setup is as follows: INSTALL PLUGIN pam SONAME 'auth_pam.so'; create ...

user not being associated with ldap group membership by id <username>

I have an existing set of Centos 5.4 servers that restrict login based on being a uniquemember of an ldap group vizusers. The users can be a direct uniquemember of the group or be a member of a group ...

CentOS 7 SSH and 2FA (ESET Secure Authentication)

I am stuck at getting two factor-authentication in CentOS 7 to work; specifically the authentication via SSH and OTP. I would very much appreciate it if someone could assist me with this. :) Edit: ...

nginx doesn't seem to recognize “auth_pam” directive

I'm trying to set up basic http auth using the linux system credentials using pam. I installed the nginx-extras package and I can see that the pam dynamic module is getting loaded into nginx. My "...

PAM rules do not seem to take effect

Goal For mobile devices we wish to add an extra layer of security by requiring a PIN code upon ssh login. Mobile access is only a convenience service (users can always pull out their laptops) and ...

SSSD AD synchronization fails after Active Directory UPN change

I have recently run into a problem with my AD integration on a number of debian boxes. I use SSSD and krb5 to allow PAM to synchronize and authenticate users against the Active Directory. This has ...