search for: onerr

...3: #%PAM-1.0 @include common-auth @include common-account @include common-session (for this protocol everything works fine, I don't want to limit it.) dovecot-imap: #%PAM-1.0 @include common-auth auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail @include common-account @include common-session If I'm not wrong, once the user is authenticated, PAM checks if the remote IP address is in imaphosts; if it's true, it returns PAM_...

...virt.conf: mech_list: PLAIN pwcheck_method: saslauthd /etc/sasl2/qemu.conf: mech_list: PLAIN pwcheck_method: saslauthd /etc/pam.d/libvirt: auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group auth required pam_tally2.so onerr=succeed auth required pam_nologin.so auth required pam_unix.so try_first_pass likeauth nullok account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group account required pam_nologin.so account...

...tication/RestrictAccess but although I am not getting any errors, all users are still allowed access unless I block them with [vmoduser -i]. In [dovecot.conf] I have: passdb pam { args = * } In [/etc/pam.d/imap] I have: auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail And in [/etc/imapusers] I have specified the only users that should have access. Any ideas why this isn't working? ------------------------------------------------------- 2. Allow access for all users coming from a specific IP ------------------------------------------------------- I...

...cation acct="user" : exe="/usr/sbin/vsftpd" (hostname=hostname, addr=1.2.3.4, terminal=ftp res=failed)' cat /etc/pam.d/vsftpd #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_loginuid.so # grep local /etc/vsftpd/vsftpd.conf local_enable=YES local_umask=022 chroot_local_user=YES # getsebool -a | grep ftp allo...

Hello. Tried search, no luck, sorry, if this is already answered, but I'm still looking a solution using pam_auth how to define in dovecot which user can access which protocol, for example, default is: protocols = pop3 pop3s imap imaps I'd like to use something like this: exclude_using_pop = user1, user2, @group exclude_using_pops = user1, user2, @group exclude_using_imap = user1,

...and tried this also on stable (OpenSSH package version 1:3.0.1p1-0 from unstable); the situation is same there. Has anyone else noticed this or is it Debian's or my own problem? /etc/pam.d/ssh: --- #%PAM-1.0 auth required pam_listfile.so item=user sense=allow file=/etc/loginusers onerr=fail auth required pam_nologin.so auth required pam_unix.so auth required pam_env.so # [1] account required pam_unix.so session required pam_unix.so session optional pam_lastlog.so # [1] session optional pam_motd.so # [1] session optio...

...at ftp-server up, so please would someone help me out? My file: This one is heavily edited now, as I played trial and error for hours. # cat /etc/pam.d/vsftpd #%PAM-1.0 # Uncomment this to achieve what used to be ftpd -A. # auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_shells.so account sufficient pam_winbind.so account required pam_unix2.so password required pam_pwcheck.so...

...e-login password include system-remote-login session include system-remote-login cat /etc/pam.d/system-remote-login auth include system-login account include system-login password include system-login session include system-login cat /etc/pam.d/system-login auth required pam_tally.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally.so onerr=succeed password include system-auth session required pam_env.s...

...uch default. The system-auth in the pam.d is like that: ------------------- auth required pam_env.so auth sufficient pam_unix.so nullok auth sufficient pam_winbind.so try_first_pass auth required pam_deny.so auth required pam_tally2.so deny=3 onerr=fail unlock_time=60 account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account sufficient pam_winbind.so account required pam_permit.so account required pam_tally2.so password sufficient pam_unix.so md5 shadow nullok...

...a.txt>> > <<smb.conf>> <<su.txt>> <<smb_server.conf>> > > > Thanks > > Tameika Reed > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so -...

...curious since pam_motd never works, and it prints /etc/motd with a PAM_TEXT_INFO message via the same conversation mechanism. here is the pam config ive tested with: #%PAM-1.0 auth requisite pam_noulogin.so auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_rsa_only onerr=succeed auth required pam_unix.so auth required pam_env.so # [1] auth required pam_shells.so account requisite pam_noulogin.so account required pam_unix.so session required pam_unix.so session required pam_limits.so session optional pam_motd.so # [1] sessio...

...a.txt>> > <<smb.conf>> <<su.txt>> <<smb_server.conf>> > > > Thanks > > Tameika Reed > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so -...

...proftpd on a Debian Jessie Samba 4.3.0 domain member and set it up to use AD for authentication and it works for me (note, I did not use ldap authentication, I used PAM) My PAM setup is this: /etc/pam.d/proftpd auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed @include common-auth @include common-account @include common-session /etc/pam.d/common-auth auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_wi...

...allow Winbind ftp access in a manner similar to the samba file. My <filename>/etc/pam.d/ftp</filename> file was changed to look like this: ----- smb.conf? <programlisting> auth required /lib/security/pam_listfile.so item=user sense=deny \ file=/etc/ftpusers onerr=succeed -- --- Oota Toshiya --- t-oota at dh.jp.nec.com NEC Systems Software Operations Unit Shiba,Minato,Tokyo IT Platform Solutions Division Japan,Earth,Solar system (samba-jp/ldap-jp Staff,mutt-j/samba-jp postmaster)

I'd like to toss a feature request on the table for consideration. We currently use a different popd because of a feature that allows us to restrict pop access based upon an allowed users list. This is the only thing that keeps us from using the popd in dovecot currently. It's a simple text file of usernames that are allowed to use pop, if the name isn't in that list then pop

...n OSX to use PAM authentication against a flat_file/static userdb (tho i will _eventually_ mv to pgsql ...). iiuc, to do so i need something like: =================================== (EDITOR) /etc/pam.d/dovecot.imap auth required pam_listfile.so item=user sense=allow file=/var/dovecot/imapusers onerr=fail =================================== for a userdb listing in "/var/imapuser". all simple & good, except -- -- where's "pam_listfile.so" on OSX? % ls /usr/lib/pam/ pam_afpmount.so pam_nologin.so pam_securetty.so pam_uwtmp.so pam_deny.so p...

...users may find themselves locked out of other application - even with valid credentials, or may be able to access the system when the account should be locked out. Base system: Fedora Core 5, added pam_tally lines to /etc/pam.d/system-auth as follows: auth required /lib/security/$ISA/pam_tally.so onerr=fail deny=5 account required /lib/security/$ISA/pam_tally.so This leads to the following buggy behaviour: (using password authentication) 1) The tally only increases once with each ssh session, not with each bad password (as the default is 3 tries before failure, this means I can get in 3 bad pass...

I've been trying to get openssh to play nicely with chroot()'ed accounts (on Red Hat Linux 7.1), but so far, I haven't had much success. I can stick this line in /etc/pam.d/sshd: session required /lib/security/pam_chroot.so debug onerr=fail For slogin, this works great. But scp and sftp don't apply the chroot, because they don't invoke do_pam_session(). Even worse, I can't disable sftp access for chroot()'ed accounts without disabling it for everyone. (Using the "command" option in the authorized_key...

I would like disable password authentication in sshd for particular users, without locking their UNIX password, and without requiring all users to use PubkeyAuthentication. I cannot find a documented way to accomplish this in OpenSSH. Is it currently possible? If not, I think this would be a very useful feature to add. I believe that each user should have some control of which authentication

Hi al.I have a problem with pam.d authentication rules. I searched on google and modified my system-auth file.Bu some rules does not works properly my system-auth like below: -------------------------- auth required pam_env.so auth required pam_tally.so onerr=fail per_user deny=3 auth sufficient pam_unix.so md5 nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_tally.so account required pam_unix.so account sufficient pam_succ...