Newest pam Questions

Q&A for system and network administrators

Confirm user_readenv is off in pam_env module

I firstly wanted to say "thank you!" for all the support that I have gained by reading the articles on this site - a major benefit for a web developer donning a sysadmin hat... We are currently ...

How to limit number of logins with su using pam_limits

I have configured the /etc/security/limits.conf to have the below line: testuser hard maxlogins 1 I have tried to ssh to the system from that user, and it's blocked me the second time... ...

nginx doesn't seem to recognize “auth_pam” directive

I'm trying to set up a basic HTTP auth using the Linux system credentials using PAM. I installed the nginx-extras package and I can see that the PAM dynamic module is getting loaded into nginx. My "...

Use phpLDAPadmin to force users to change their password

I set up an LDAP server and configured several machines to authenticate using that server. These guides got me through setting up user accounts, putting them in designated groups, etc., all using ...

Recording Commands Run by a User on RHEL5

I am trying to use pam_tty_audit to record every command run by a user. I SSH into the RHEL5 host and run sudo -i and then appended session required pam_tty_audit.so disable=* enable=root ...

Unable to authenticate with PAM under non-root user

I am trying to build an application on a CentOS 7 server that needs to authenticate against PAM. The application is Python-based, so I have integrated python-pam into the project. The application ...

Public SSH logins with no authentication at all

I want to create a public service that I want to share via SSH. Like the famous Star Wars telnet towel.blinkenlights.nl but via SSH. For this purpose I want to accept any user without any ...

Active Directory (LDAP) and pam using kerberos instead of bindpw or anonymous access

I have a system that currently uses an LDAP/AD server for authentication via pam and the pam_ldap module. In order to use this server for authentication pam_ldap requires an account which exposes the ...

SSH login with defined authentication methods

I have a small server, and I would like to be able to login using SSH with 2 methods: Public key Password and then a PAM made in Python I successfully installed libpam-python, and added this line to ...

Kerberos SSH/PAM login like AD

I've recently been trying to set up a new Ubuntu server environment, we've wanted to set up a single sign on system that functions similar to good old Windows AD. In this case you would SSH with a ...

Enforce PAM password change through tacacs

We are using tac_plus 4.04 on a RHEL 7 server. Tacacs is setup for PAM authentication. Everything is working properly, however I would like the ability to enforce a user password change through tacacs....

Postfix: Can't send email to myself

I'm new to Postfix. Receiving e-mails works fine, but I can't send email to myself, such as test1@mydomain123.com to test1@mydomain123.com. ERR:User not found. Just while using SMTP from external hosts. ...

Unable to login with SSH after configure LDAP authentication

I have a CoreOS server which I connected to my LDAP server. I get a correct answer after using id and ldapsearch commands. However, I am still not able to log in with SSH. I can see on sssd_LDAP.log ...

LDAP SSH + PubKey auth Fallback

I have followed this guide here: https://github.com/jirutka/ssh-ldap-pubkey in order to set up an LDAP server that allows authentication requesting both Password and Public Key in order to log in. Now ...

configure linux login against active directory ldap

I have a bit of a complicated situation and I haven't yet been able to solve it with the information I found here and the internet. I have a user that is allowed to bind to the backend ldap server ...

CentOS 7 SSH and 2FA (ESET Secure Authentication)

I am stuck at getting two factor-authentication in CentOS 7 to work; specifically the authentication via SSH and OTP. I would very much appreciate it if someone could assist me with this. :) Edit: ...

Two factor authentication for password login but not for login using key files

I configured ssh to use key files situated in ~/.ssh to log in. Now I'd like to install a two factor authentication when using password, but not required when using key files. I've seen how to ...

Activating PAM configuration for Percona

I'm trying to configure Percona with LDAP support via PAM including group mappings and restriction. My Percona authentication setup is as follows: INSTALL PLUGIN pam SONAME 'auth_pam.so'; create ...

Can ssh generate a kerberos ticket? (FreeBSD)

TL;DR I want to be able to ssh from a FreeBSD host to a FreeBSD host, using my kerberos ticket generated when I first logged in. Question Environment FreeBSD 10.3 with working openldap-sasl-client,...

PAM LDAP connect and bind flow

I'm managing a very strange case and I need help from an expert on PAM LDAP. My architecture is: Linux (LDAP CLIENT) -> ODSEE (LDAP SERVER) -> ACTIVE DIRECTORY The ODSEE is configured to perform a ...

Postfix + Dovecot login fails only in IMAP

Sorry in advance because I'm sure the problem is stupid, but after two days trying different configurations from Google and Serverfault it is still not working. I'm a newbie in Postfix/Dovecot After ...

Why is the $PAM_RHOST env var not set by openssh-server

I have a script running called from /etc/pam.d/sshd with the following line: session optional pam_exec.so /usr/local/bin/notify-login The script gets called as expected every time someone ...

CentOS 6 ssh is not prompting for the verification code?

I have installed the pam radius rpm package, and successfully configured /etc/pam.d/sshd, /etc/ssh/sshd_config, & /etc/pam_radius.conf. I know it is working, as I am getting a push notification to ...

SSSD AD synchronization fails after Active Directory UPN change

I have recently run into a problem with my AD integration on a number of debian boxes. I use SSSD and krb5 to allow PAM to synchronize and authenticate users against the Active Directory. This has ...

VSFTPD error 530 on fresh install

I need to setup an FTP server and SFTP server on EC2 supporting both password and cert logins. I just used the stock RHEL and Amazon AMI's and I can't login to either. $ sudo yum install vsftpd $ ...

Unable to authenticate to AD using Kinit - cache file not found

I'm trying to set up Winbind with PAM and Kerberos to authenticate CentOS 7 against active directory. So far this is what I've done: yum -y install authconfig krb5-workstation pam_krb5 samba-common ...

Unable to authenticate via pam winbind using external domain credentials

I have a Linux server in my DMZ joined to a domain we'll call "DMZ". The "DMZ" domain has an external, outgoing, non-transitive trust with another domain we'll call "INSIDE". Winbind appears to ...

How to set-up google-authenticator and set specific match rules to allow different login rules?

I'm trying to set Google-Authenticator (google 2 factor authentication). The relevant files are: [root@srv01 ~]# cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_google_authenticator.so auth ...

SLES12, Authentication with PAM and LDAP

I want to set up an ssh-server which can authenticate against a ldap-server. The ldap-server is already running (openldap). Now I've installed a fresh SLES12SP1-Server and followed some tutorials for ...

Allow both domain users *and* local users to Centos 7 server

I need to allow domain users (userid and password) access to a Centos 7 server, as well as local users (SSH key/passwordless). I have configured sshd_config with both AllowUsers and AllowGroups and ...

Can't make sshd+pam+ldap to work (AuthorizedKeysCommand?)

What I did: Installed libpam-ldapd Set up /etc/ldap/ldap.conf Set up /etc/ssh/ldap-keys.sh as root:root 0755, confirmed it works (/etc/ssh/ldap_keys.sh amadan returns my public keys from LDAP). Set ...

can't su to a local account

I am trying to follow this guide to give root privileges to a user called deploy. But I am unable to su to deploy user. Steps I have taken, logged in as a root user then I added the deploy which is ...

Automatically create home directory on NFS after LDAP login

My current situation is that I can successfully authenticate using ldap and pam, I also succeeded to use pam_mkdir to autocreate home directories in the /home filesystem. What now I'm trying to ...

user not being associated with ldap group membership by id <username>

I have an existing set of Centos 5.4 servers that restrict login based on being a uniquemember of an ldap group vizusers. The users can be a direct uniquemember of the group or be a member of a group ...

sftp prompt hangs on ls with chroot users authenticated with pam_mysql

OS: Ubuntu 14.04 I set up pam_mysql, and it's working. I can log in SQL users via regular ssh/sftp just fine. The problem comes when I try and sftp using CHROOT SQL users. Anytime ls is entered it ...

SUDO keeps prompting for password, when using SSSD with AD

Hi, I am trying to set up SSSD to authenticate to AD on RHEL. I am able to log in with my AD user and password and see my groups when I run id. But when I try to use sudo, it just keeps prompting for ...

Apache 2.4 replacement for mod_auth_shadow?

My employer has been running RHEL 6.x and Apache httpd 2.2 for many years. We are currently in the process of migrating to new hardware running RHEL 7.1 and Apache httpd 2.4. Our current web site has ...

Commenting out or removing an @include from /etc/pam.d/sshd with augtool

How can I either comment out or remove the "@include common-auth" line in /etc/pam.d/sshd? The default content is: ... # Standard Un*x authentication. @include common-auth ... The lens ...

Add all network users to local group for specific hosts in CentOS7

How would I add a network (sssd-ldap) user to a local group? More specifically, how can I add all network users who log into a system to a local group? It doesn't look like authconfig has a setting ...

SSH key authentication login issue with PAM

After setting up key authentication for SSH I'm having the following error: ssh remoteHost System is going down. Connection to remoteHostAddress closed by remote host. Connection to ...

OpenLDAP client inside a docker container

I have a docker container running CentOS 6 with a non-root user and OpenLDAP. When I use getent passwd it just returns the data from /etc/passwd. The config file /etc/nsswitch.conf is customized ...

LDAP changing password for wrong user?

I have an OpenLDAP server set up. I currently have two users added to my server. As far as my testing goes, a single user instance works just perfectly. My first issue arises when I have two users on the ...

Should SSSD perform AD access validation for matching local users?

I have been spending many, many happy hours exploring the sssd configuration needed to integrate RHEL7 and Active Directory. A large portion of those have included looking through the many posts here ...

fail2ban logs for failed ssh logins doubled - is it safe to edit sshd filter settings?

Here is what I recently recognised: If I fail an ssh login once, there are 2 [sshd] Found entries in my fail2ban logs /var/log/fail2ban.log: 2016-07-29 15:12:27,856 fail2ban.filter [17476]: ...

SSH Lockout after failed login attempts

I have an Ubuntu Server for my git repositories and other stuff. Sometimes someone is trying to hack it (I think it's OK for servers) and after a few failed login attempts SSH is locking out. I mean no one ...

Use xfreerdp as Window Manager with single sign-on through pam

I manage some workstations that run Linux and different flavours of BSD. Some of my users prefer to use Windows, and for them there is a terminal server set up which they can use. For their ...

Using server IP in PAM LDAP query

In our company we have a lot of servers (at this moment around 20, numbers increasing). Not all LDAP users are allowed to get access to the same servers. My idea is to make one user group per server ...

How to change the Default Shell Properties to Bash for non-local accounts that use Active Directory

We did an integration of CentOS 6 with Active Directory. I would like to know how to change the Default Shell Properties to Bash for non-local accounts. For the local accounts we use chsh -s /bin/...

How to force sudo to use existing kerberos ticket?

Ok, so I'm using Windows Server 2012 as a Domain Controller. I've connected two Centos7 clients to the domain via samba. Authentication works as expected via SSH; however, when attempting to sudo, ...

Pam LDAP request returns wrong credentials (49)

I am trying to set up PAM authentication using LDAP from Debian jessie to an SLES11 server without success. I always receive a wrong credentials return although it can successfully bind using ...