Newest pam Questions

Q&A for system and network administrators

Unable to log in with SSH after configuring LDAP authentication

I have a CoreOS server which I connected to my LDAP server. I get a correct answer after using id and ldapsearch commands. However, I am still not able to log in with SSH. I can see on sssd_LDAP.log ...

SunLDAP Schema Extensions to support Linux/Unix Authentication + Sudo

We are running SunLDAP (Sun/Oracle Directory server 11), and would like our Linux/Unix machines to authenticate against LDAP and also use LDAP for storing SUDO policies. What Schema Extensions are ...

Unable to authenticate to AD using Kinit - cache file not found

I'm trying to set up Winbind with PAM and Kerberos to authenticate CentOS 7 against active directory. So far this is what I've done: yum -y install authconfig krb5-workstation pam_krb5 samba-common ...

Apache 2.4 replacement for mod_auth_shadow?

My employer has been running RHEL 6.x and Apache httpd 2.2 for many years. We are currently in the process of migrating to new hardware running RHEL 7.1 and Apache httpd 2.4. Our current web site has ...

Allow both domain users *and* local users to Centos 7 server

I need to allow domain users (userid and password) access to a Centos 7 server, as well as local users (SSH key/passwordless). I have configured sshd_config with both AllowUsers and AllowGroups and ...

Enforce PAM password change through tacacs

We are using tac_plus 4.04 on a RHEL 7 server. Tacacs is set up for PAM authentication. Everything is working properly, however I would like the ability to enforce a user password change through tacacs....

user not being associated with ldap group membership by id <username>

I have an existing set of Centos 5.4 servers that restrict login based on being a uniquemember of an ldap group vizusers. The users can be a direct uniquemember of the group or be a member of a group ...

SUDO Keeps prompting for password, when using SSSD with AD

Hi, I am trying to set up SSSD to authenticate to AD on RHEL. I am able to log in with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for ...

Automatically create home directory on NFS after LDAP login

My current situation is that I can successfully authenticate using ldap and pam, I also succeeded to use pam_mkdir to autocreate home directories in the /home filesystem. What now I'm trying to ...

Postfix: Can't send email to myself

I'm new to postfix. Receiving e-mails works fine, but I can't send email to myself, such as test1@mydomain123.com to test1@mydomain123.com. ERR:User not found. Just while using SMTP from external hosts. ...

Add all network users to local group for specific hosts in CentOS7

How would I add a network (sssd-ldap) user to a local group? More specifically, how can I add all network users who log into a system to a local group? It doesn't look like authconfig has a setting ...

Can ssh generate a kerberos ticket? (FreeBSD)

TL;DR I want to be able to ssh from a FreeBSD host to a FreeBSD host, using my kerberos ticket generated when I first logged in. Question Environment FreeBSD 10.3 with working openldap-sasl-client,...

How to limit number of logins with su using pam_limits

I have configured the /etc/security/limits.conf to have the below line: testuser hard maxlogins 1 I have tried to ssh to the system from that user, and it blocked me the second time... ...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

SLES12, Authentication with PAM and LDAP

I want to set up an ssh-server which can authenticate against a ldap-server. The ldap-server is already running (openldap). Now I've installed a fresh SLES12SP1-Server and followed some tutorials for ...

Use xfreerdp as Window Manager with single sign-on through pam

I manage some workstations that run Linux and different flavours of BSD. Some of my users prefer to use Windows, and for them there is a terminal server set up which they can use. For their ...

Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access

I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the ...

Force nproc ulimit on non interactive user

I have a script that can be launched n times at the same time through php-fpm. php-fpm pool is set to run under a certain username and I want to limit the number of processes this username can launch. ...

LDAP SSH + PubKey auth Fallback

I have followed this guide here: https://github.com/jirutka/ssh-ldap-pubkey in order to set up an LDAP server that allows authentication requesting both Password and Public Key in order to log in. Now ...

Confirm user_readenv is off in pam_env module

I firstly wanted to say "thank you!" for all the support that I have gained by reading the articles on this site - a major benefit for a web developer donning a sysadmin hat... We are currently ...

Pam LDAP request returns wrong credentials (49)

I am trying to set up pam authentication using ldap from Debian jessie to an SLES11 server without success. I always receive a wrong credentials return although it can successfully bind using ...

PAM understanding use_first_pass

In PAM modules like pam_unix.so, the manual describes the difference between use_first_pass and try_first_pass. However, I wanted to test that with the passwd command (Changing the password for a user)...

CentOS 6 ssh is not prompting for the verification code?

I have installed the pam radius rpm package, and successfully configured /etc/pam.d/sshd, /etc/ssh/sshd_config, & /etc/pam_radius.conf. I know it is working, as I am getting a push notification to ...

sftp prompt hangs on ls with chroot users authenticated with pam_mysql

OS: ubuntu 14.04 I set up pam_mysql, and it's working. I can log in sql users via regular ssh/sftp just fine. The problem comes when I try and sftp using CHROOT sql users. Anytime ls is entered it ...

Activating PAM configuration for Percona

I'm trying to configure Percona with LDAP support via PAM including group mappings and restriction. My Percona authentication setup is as follows: INSTALL PLUGIN pam SONAME 'auth_pam.so'; create ...

Why is the $PAM_RHOST env var not set by openssh-server

I have a script running called from /etc/pam.d/sshd with the following line: session optional pam_exec.so /usr/local/bin/notify-login The script gets called as expected every time someone ...

Use phpLDAPadmin to force users to change their password

I set up an LDAP server and configured several machines to authenticate using that server. These guides got me through setting up user accounts, putting them in designated groups, etc all using ...

Unable to authenticate via pam winbind using external domain credentials

I have a Linux server in my DMZ joined to a domain we'll call "DMZ". The "DMZ" domain has an external, outgoing, non-transitive trust with another domain we'll call "INSIDE". Winbind appears to ...

configure linux login against active directory ldap

I have a bit of a complicated situation and I haven't yet been able to solve it with the information I found here and the internet. I have a user that is allowed to bind to the backend ldap server ...

Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)

What I did: Installed libpam-ldapd Set up /etc/ldap/ldap.conf Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP). Set ...

Recording Commands Run by a User on RHEL5

I am trying to use pam_tty_audit to record every command run by a user. I SSH into the RHEL5 host and run sudo -i and then appended session required pam_tty_audit.so disable=* enable=root ...

nginx doesn't seem to recognize “auth_pam” directive

I'm trying to set up a basic http auth using the linux system credentials using pam. I installed the nginx-extras package and I can see that the pam dynamic module is getting loaded into nginx. My "...

OpenVPN authentication using pam_winbind

I'm running an OpenVPN Server on a Debian machine joined to my Active Directory Domain. I'd like to use pam_winbind for VPN authentication. This is where the troubles arise. Authentication is working ...

OpenLDAP client inside a docker container

I have a docker container running CentOS 6 with a non-root user and OpenLDAP. When I use getent passwd it just returns the data from /etc/passwd. The config file /etc/nsswitch.conf is customized ...

Should SSSD perform AD access validation for matching local users?

I have been spending many, many happy hours exploring the sssd configuration needed to integrate RHEL7 and Active Directory. A large portion of those have included looking through the many posts here ...

Unable to authenticate with PAM under non-root user

I am trying to build an application on a CentOS 7 server that needs to authenticate against PAM. The application is Python-based, so I have integrated python-pam into the project. The application ...

VSFTPD error 530 on fresh install

I need to setup an FTP server and SFTP server on EC2 supporting both password and cert logins. I just used the stock RHEL and Amazon AMI's and I can't login to either. $ sudo yum install vsftpd $ ...

PAM LDAP connect and bind flow

I'm managing a very strange case and I need help from an expert on PAM LDAP. My architecture is: Linux (LDAP CLIENT) -> ODSSE (LDAP SERVER) -> ACTIVE DIRECTORY The ODSEE is configured to perform a ...

Two factor authentication for password login but not for login using key files

I configured ssh to use key files situated in ~/.ssh to log in. Now I'd like to install a two factor authentication when using password, but not required when using key files. I've seen how to ...

Ssh + ldap not asking for private/public key

I have fully configured an LDAP server which works perfectly for authenticating users across my multiple nodes. I wanted to add an extra layer of security with the usual two factor public private key. ...

How to set-up google-authenticator and set specific match rules to allow different login rules?

I'm trying to set Google-Authenticator (google 2 factor authentication). The relevant files are: [root@srv01 ~]# cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_google_authenticator.so auth ...

fail2ban logs for failed ssh logins doubled - is it safe to edit sshd filter settings?

Here is what I recently recognised: If I fail an ssh login once, there are 2 [sshd] Found entries in my fail2ban logs /var/log/fail2ban.log: 2016-07-29 15:12:27,856 fail2ban.filter [17476]: ...

CentOS 7 SSH and 2FA (ESET Secure Authentication)

I am stuck at getting two factor-authentication in CentOS 7 to work; specifically the authentication via SSH and OTP. I would very much appreciate it if someone could assist me with this. :) Edit: ...

Public SSH logins with no authentication at all

I want to create a public service that I want to share via SSH. Like the famous Star Wars telnet towel.blinkenlights.nl but via SSH. For this purpose I want to accept any user without any ...

How to change the Default Shell Properties to Bash for non-local accounts that use Active Directory

We did an integration of CentOS 6 with Active Directory. I would like to know how to change the Default Shell Properties to Bash for non-local accounts. For the local accounts we use chsh -s /bin/...

SSH login with defined authentication methods

I have a small server, and I would like to be able to log in using SSH with 2 methods: Public key Password and then a PAM made in Python I successfully installed libpam-python, and added this line to ...

Restrict access to Linux via PAM with configured SSO

I have SLES 12 in Active Directory Domain. Single Sign On for SSH is configured. I want to allow access to server only to some AD groups via PAM (not only for SSH Service, ftp, etc.). I tried to add ...

Using server IP in PAM LDAP query

In our company we have a lot of servers (at this moment around 20, numbers increasing). Not all LDAP users are allowed to get access to the same servers. My idea is to make one user group per server ...

LDAP changing password for wrong user?

I have an OpenLDAP server set up. I currently have two users added to my server. As far as my testing goes, a single user instance works just perfectly. My first issue arises when I have two users on the ...

changing where pam_mkhomedir makes a directory

I want to create user directories for an LDAP user (389-ds) if they don't exist, so I am using pam_mkhomedir. How do I create these directories on a different mount point, say /nfs/home, instead? I ...