search for: no_fake_prompt

...oblem is not with samba but it is with PAM? If anyone could help me with this problem it would be greatly appreciated!!! Thanks, Jeff Meyer The smb.conf and pam.conf files that I am using are below. pam.conf login auth sufficient pam_skey.so login auth sufficient pam_opie.so no_fake_prompts #login auth required pam_opieaccess.so login auth requisite pam_cleartext_pass_ok.so #login auth sufficient pam_kerberosIV.so try_first_pass #login auth sufficient pam_krb5.so try_first_pass login auth required pam_unix.so try_first_pass login...

...name.username browsable = yes read only = no #public = yes printable = no writeable = yes Pam.conf auth required pam_nologin.so no_warn auth sufficient pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so...

...What am I doing wrong ? Furthermore I went through this ordeal to allow domain users to authenticate with ssh. So I've modified the the /etc/pam.conf file like this (settings for ssh) : sshd auth sufficient pam_skey.so sshd auth sufficient pam_opie.so no_fake_prompts #this line is added by me sshd auth sufficient /usr/local/lib/pam_winbind.so #sshd auth requisite pam_opieaccess.so #sshd auth sufficient pam_kerberosIV.so try_first_pass #sshd auth sufficient pam_krb5.so try_first_pass s...

...elete user script = /usr/sbin/pw userdel %u ; delete user from group script = /usr/sbin/deluser %u %g delete group script = /usr/sbin/pw groupdel %g and here is my PAM stack for /etc/pam.d/system # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_firs...

...es [homes] comment = Home Directories read only = No browseable = No Here's the /etc/pam.d/system file: # # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 kensmith Exp $ # # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so mkhomedir=yes #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth require...

...witch.conf group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files # more /etc/pam.d/sshd # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn tr...

...ebsd-security@freebsd.org Subject: RE: Opieaccess file, is this normal? Hi, Here is the content of /etc/pamd/ssh, it's actually the default, I didn't change it. auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session required pam_permit.so password required pam_unix.so...

...hope) configurations. Any help would be greatly appreciated. Regards, Mike # /etc/pam.d/sshd auth sufficient /usr/local/samba/lib/security/pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient /usr/local/samba/lib/security/pam_winbind.so account required pam_unix.so session required...

...: compat winbind group_compat: nis hosts: files dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn...

...: compat winbind group_compat: nis hosts: files dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn...

Hi, I've configured opie (one time passwords) under FreeBSD and I came across the following problem. It looks like libpam does not stop the authentication process when a 'requisite' module fails. I find this strange as the pam 'requisite' is defined in the man pages as: requisite - failure of such a PAM results in the immediate termination of the authentication process; Here

...bind passwd_compat: nis shells: compat *****************copy end*********************** /etc/pam.d/system ****************copy start************************* # auth auth sufficient /usr/lib/pam_winbind.so try_first_pass auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn...

...tall samba Your smb.conf should be running in: security = domain And your /etc/pam.d/sshd should look like this: # auth auth sufficient pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient pam_winbind.so account required pam_unix.so session required pam_permit.so passw...

...d ran ldconfig(8). I have subsequently tried /usr/lib/compat too, but that shouldn't matter. I edited {pam.conf,pam.d/ftpd} to create entries for my FTP server, that looked like: auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so debug try_first_pass auth required pam_unix.so no_warn try_first_pass account sufficient pam_winbind.so debug account required pam_uni...

Login seems to be ignoring my /etc/login.access settings. I have the following entries (see below) in my login.access, yet any new user (not in the wheel group) is still allowed to login. What am I missing? # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ # -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL Thanks, -- Scott Gerhardt, P.Geo. Gerhardt Information

...lar and can help. I'd like to compile support for FreeBSD OPIE into sshd. Presently I have to use PAM to achieve one-time password support. On a 4.x system I have in /etc/ssh/sshd_config ChallengeResponseAuthentication yes and in /etc/pam.conf sshd auth sufficient pam_opie.so no_fake_prompts To avoid the extra PAM process on 5.x, I'd prefer to just enable OPIE in the sshd binary, but I'm not sure if this is possible with a commandline option to make. I would like to rebuild it in the usual way: # cd /usr/src/secure/usr.sbin/sshd # make obj && make depend && m...

...,v 1.15 2003/04/30 21:57:54 markm Exp $ # # PAM configuration for the "sshd" service # # auth #sshd auth required pam_radius.so -update -/usr/local/etc/radius #auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_war...

Hi, I'm trying to setup one-time passwords on freebsd5.2.1 >From what I've read so far, if the user is present in opiekeys, the opieaccess file determines if the user (coming from a specific host or network) is allowed to use his unix password from this specific network. As my opieaccess file is empty and the default rule (as mentionned in the man file) is deny, I should not be

...exist on the Samba Server which is FreeBSD 9 with samba 3.6. I have the following in /etc/pam.d/sshd # # $FreeBSD: releng/9.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $ # # PAM configuration for the "sshd" service # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth sufficient /usr/local/lib/pam_winbind.so auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/pam_winbind.so...