search for: no_warn

...= no public = yes printable = no writeable = yes [sarg] comment = sarg report files path = /usr/report username = domain-name.username browsable = yes read only = no #public = yes printable = no writeable = yes Pam.conf auth required pam_nologin.so no_warn auth sufficient pam_winbind.so auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_firs...

...e %u delete user script = /usr/sbin/pw userdel %u ; delete user from group script = /usr/sbin/deluser %u %g delete group script = /usr/sbin/pw groupdel %g and here is my PAM stack for /etc/pam.d/system # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so n...

...inks = Yes [homes] comment = Home Directories read only = No browseable = No Here's the /etc/pam.d/system file: # # $FreeBSD: src/etc/pam.d/system,v 1.1.32.1.4.1 2010/06/14 02:09:06 kensmith Exp $ # # System-wide defaults # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so mkhomedir=yes #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth...

.../etc/nsswitch.conf group: files winbind group_compat: nis hosts: files dns networks: files passwd: files winbind passwd_compat: nis shells: files services: compat services_compat: nis protocols: files rpc: files # more /etc/pam.d/sshd # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient /usr/local/lib/pam_winbind.so try_first_pass #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so...

...winnt/%D%U template shell = /usr/local/bin/bash My nsswitch.conf group: compat winbind group_compat: nis hosts: files dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn...

...winnt/%D%U template shell = /usr/local/bin/bash My nsswitch.conf group: compat winbind group_compat: nis hosts: files dns winbind networks: files passwd: compat winbind passwd_compat: nis shells: files and finally my /etc/pam.d/sshd # auth auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn...

...exactly as below: $ cat /etc/pam.conf # # $FreeBSD: src/etc/pam.d/sshd,v 1.15 2003/04/30 21:57:54 markm Exp $ # # PAM configuration for the "sshd" service # # auth #sshd auth required pam_radius.so -update -/usr/local/etc/radius #auth required pam_nologin.so no_warn #auth sufficient pam_opie.so no_warn no_fake_prompts #auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_war...

...iles winbind passwd_compat: nis shells: compat *****************copy end*********************** /etc/pam.d/system ****************copy start************************* # auth auth sufficient /usr/lib/pam_winbind.so try_first_pass auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so...

...s # args = max_requests=12 args = %s } and /etc/pam.d/{imap,pop3} were untouched; both as follows # # $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $ # # PAM configuration for the "pop3" service # # auth #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account #account required pam_nologin.so account required pam_unix.so

...Windows 2000 server... Another change I did was modifying the /etc/pam.d/system to make both unix and krb5 sufficient: --- /usr/src/etc/pam.d/system Sat Jun 14 08:35:05 2003 +++ /etc/pam.d/system Fri Jan 28 20:29:06 2005 @@ -9,5 +9,5 @@ auth requisite pam_opieaccess.so no_warn allow_local -#auth sufficient pam_krb5.so no_warn try_first_pass +auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass -auth required pam_unix.so...

Hello, I found that in the new FreeBSD 9.2 (probably in 10 also) updated OpenPAM sources. The big embarrassment was in pam_get_authtok.c. The problem is that even without a valid SSH login it's possible to know the server's hostname. az at az:/home/az % ssh 1.2.3.4 Password for az at real.hostname.com: Changes made by "des":

...] On Behalf Of Didier Wiroth Sent: Thursday, June 24, 2004 09:06 To: freebsd-security@freebsd.org Subject: RE: Opieaccess file, is this normal? Hi, Here is the content of /etc/pamd/ssh, it's actually the default, I didn't change it. auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth required pam_unix.so no_warn try_first_pass account required pam_unix.so session requ...

...shows up correctly when issuing a wbinfo -u. Here are some relevent (I hope) configurations. Any help would be greatly appreciated. Regards, Mike # /etc/pam.d/sshd auth sufficient /usr/local/samba/lib/security/pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient /usr/local/samba/lib/security/pam_win...

...hey only exist on the Samba Server which is FreeBSD 9 with samba 3.6. I have the following in /etc/pam.d/sshd # # $FreeBSD: releng/9.0/etc/pam.d/sshd 197769 2009-10-05 09:28:54Z des $ # # PAM configuration for the "sshd" service # # auth auth sufficient pam_opie.so no_warn no_fake_prompts auth sufficient /usr/local/lib/pam_winbind.so auth requisite pam_opieaccess.so no_warn allow_local #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth sufficient /usr/local/lib/...

...session for SSH2. To reproduce: Build openssh with --with-pam option Install samba Your smb.conf should be running in: security = domain And your /etc/pam.d/sshd should look like this: # auth auth sufficient pam_winbind.so auth sufficient pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_unix.so no_warn try_first_pass account sufficient pam_winbind.so account...

Hi, I'm trying to setup one-time passwords on freebsd5.2.1 >From what I've read so far, if the user is present in opiekeys, the opieaccess file determines if the user (coming from a specific host or network) is allowed to use his unix password from this specific network. As my opieaccess file is empty and the default rule (as mentionned in the man file) is deny, I should not be

...ne), so I manually copied this file into /usr/local/lib/compat and ran ldconfig(8). I have subsequently tried /usr/lib/compat too, but that shouldn't matter. I edited {pam.conf,pam.d/ftpd} to create entries for my FTP server, that looked like: auth required pam_nologin.so no_warn auth sufficient pam_opie.so no_warn no_fake_prompts auth requisite pam_opieaccess.so no_warn allow_local auth sufficient pam_winbind.so debug try_first_pass auth required pam_unix.so no_warn try_first_pass account suffic...

>> auth: in openpam_parse_chain(): /etc/pam.d/dovecot(1): missing or invalid facility > > I do not think that it has something to do with the dovecot settings > itself but perhaps with the pam facility settings instead? i can believe that. any clues to debug? randy

...and /etc/pam.d/{imap,pop3} were untouched; both as follows > > # > # $FreeBSD: releng/10.3/etc/pam.d/pop3 170771 2007-06-15 11:33:13Z yar $ > # > # PAM configuration for the "pop3" service > # > > # auth > #auth sufficient pam_krb5.so no_warn try_first_pass > #auth sufficient pam_ssh.so no_warn try_first_pass > auth required pam_unix.so no_warn try_first_pass > > # account > #account required pam_nologin.so > account required pam_uni...

Hi, I'm trying to setup Dovecot with MS AD and am using this as my guide: http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm I can definitely access information on the AD server using wbinfo -g and wbinfo -u..... Currently my dovecot.conf file looks like this: # v1.1: #auth_ntlm_use_winbind = yes # v1.2+: auth_use_winbind = yes auth_winbind_helper_path = /usr/local/bin/ntlm_auth