search for: pam_listfil

Displaying 20 results from an estimated 48 matches for "pam_listfil".

Did you mean: pam_listfile
2002 Feb 13
2
Problem with using both pam_listfile to deny logins and pubkey authentication
Hi, I'm trying to use pam_listfile.so to deny logins from all others but few users (names in /etc/loginusers). With password authentication it works fine, but with public key authentication OpenSSH lets in users whose names arent't in /etc/loginusers. AllowUsers in sshd_config does what one would expect. I'm using Open...
2005 Aug 02
0
where is "pam_listfile.so" for static userdb?
hi all, i'm setting up Dovecot on OSX to use PAM authentication against a flat_file/static userdb (tho i will _eventually_ mv to pgsql ...). iiuc, to do so i need something like: =================================== (EDITOR) /etc/pam.d/dovecot.imap auth required pam_listfile.so item=user sense=allow file=/var/dovecot/imapusers onerr=fail =================================== for a userdb listing in "/var/imapuser". all simple & good, except -- -- where's "pam_listfile.so" on OSX? % ls /usr/lib/pam/ pam_afpmount.so pam_nologin.s...
2004 May 14
0
winbind - pam_listfile.so for solaris
We use samba 2.2.9 with winbind. We use winbind for authentication. I was able to selectively limit pop3 use among winbind users on redhat 9 with this pam configuration. (As you would use it in ftpusers, in the reverse sense.) auth required /lib/security/pam_listfile.so item=user onerr=fail sense=allow file=/etc/pop3users This is the best solution for my situation, and I want to have that on my Solaris servers as well. However, I couldn't find from my long searches whether there's an equivalent of pam_listfile.so for solaris. I understand users can...
2010 Dec 27
3
Dovecot - AllowGroups option
Hi, I'm trying to control access to different services on an Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage. Services like proftpd have: "AllowGroup ftpgroup" sshd have "AllowGroups sshgroup" And samba have "valid users = @smbgroup" But I can't find the correct
2013 May 29
1
Enable IMAP only for certain users/IP
...c/pam.d/ there are two files: dovecot-pop3 dovecot-imap dovecot-pop3: #%PAM-1.0 @include common-auth @include common-account @include common-session (for this protocol everything works fine, I don't want to limit it.) dovecot-imap: #%PAM-1.0 @include common-auth auth sufficient pam_listfile.so item=rhost sense=allow file=/etc/dovecot/imaphosts onerr=fail auth required pam_listfile.so item=user sense=allow file=/etc/dovecot/imapusers onerr=fail @include common-account @include common-session If I'm not wrong, once the user is authenticated, PAM checks if the remote...
2016 Oct 13
0
How to tell spicy client to use SASL authentication?
...to authenticate with password for each virsh use. I'm using SASL + saslauthd + PAM for that case. /etc/sasl2/libvirt.conf: mech_list: PLAIN pwcheck_method: saslauthd /etc/sasl2/qemu.conf: mech_list: PLAIN pwcheck_method: saslauthd /etc/pam.d/libvirt: auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group auth required pam_tally2.so onerr=succeed auth required pam_nologin.so auth required pam_unix.so try_first_pass likeauth nullok account requisite pam_listfile.so item...
2007 Jan 15
1
Winbind caching group membership issue
...ups" results are not updated no matter the amount of elapsed time. It should be noted that if I stop winbind and delete *.tdb then restart, updated info is returned by "wbinfo" and "groups" but again, next changes will not be reflected. Why do I care? I am trying to use pam_listfile.so to control what ADS accounts can log on to the box (by group membership). Pam_listfile is not "seeing" updated group membership when winbind caching is enabled. Somewhat ironically pam_winbind.so "sees" things correctly I suppose because it never consults the cache. What a...
2007 Dec 04
10
Using puppet to manage user access to servers.
I''m guessing this is a common use case, but I wasn''t able to find anything in the site FAQ. We''re looking at using Puppet on about 100 servers to control which user groups have access to which servers. The use case is as follows: We have Groups of servers, for example: CUSTOMERservers (serverA, serverB, ...,serverK) ADMINISTRATIVEservers
2009 Nov 02
0
Restrict users from logging in: winbind
I have my Redhat 5.4 linux server fully integrated into my companies AD.? The biggest issue I have is that I am using a rid backend which means that anyone with an AD account can log into the server.? So my quesiton is, how can I restrict server login via AD groups?? I have tried using pam?with pam_listfile, but for some reason it does not work, I keep getting errors about sshd refusing the user.? I can use this config for su restrictions but not logins. I keep getting the following error in /var/log/secure: pam_listfile(sshd:auth): Refused user DOMAIN+user for service sshd Does anyone have a wor...
2004 Jun 06
2
Feature request?
I'd like to toss a feature request on the table for consideration. We currently use a different popd because of a feature that allows us to restrict pop access based upon an allowed users list. This is the only thing that keeps us from using the popd in dovecot currently. It's a simple text file of usernames that are allowed to use pop, if the name isn't in that list then pop
2013 Oct 12
1
Problem with PAM, vpopmail and Roundcube
...ing [pam.d] for this as per http://wiki.dovecot.org/Authentication/RestrictAccess but although I am not getting any errors, all users are still allowed access unless I block them with [vmoduser -i]. In [dovecot.conf] I have: passdb pam { args = * } In [/etc/pam.d/imap] I have: auth required pam_listfile.so item=user sense=allow file=/etc/imapusers onerr=fail And in [/etc/imapusers] I have specified the only users that should have access. Any ideas why this isn't working? ------------------------------------------------------- 2. Allow access for all users coming from a specific IP ------...
2009 Jul 10
1
vsftpd not able to log in
...id=0 auid=0 subj=root:system_r:ftpd_t:s0 msg='PAM: authentication acct="user" : exe="/usr/sbin/vsftpd" (hostname=hostname, addr=1.2.3.4, terminal=ftp res=failed)' cat /etc/pam.d/vsftpd #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_loginuid.so # grep local /etc/vsftpd/vsftpd.conf local_enable=YES local_umask=...
2007 Jun 16
3
Per user based protocol access and pause after failed login?
Hello. Tried search, no luck, sorry, if this is already answered, but I'm still looking a solution using pam_auth how to define in dovecot which user can access which protocol, for example, default is: protocols = pop3 pop3s imap imaps I'd like to use something like this: exclude_using_pop = user1, user2, @group exclude_using_pops = user1, user2, @group exclude_using_imap = user1,
2007 Aug 25
1
Bug in replace parameter on file types?
...tive-directory-member/krb5.conf"; "/etc/pam.d/common-auth": source => "puppet:///files/apps/active-directory-member/common-auth"; "/etc/security/users.conf": source => [ "puppet:///files/apps/pam_listfile/users.conf.$hostname", "puppet:///files/apps/pam_listfile/users.conf.default" ]; } exec { "netjoin": command => "/usr/bin/net rpc join -U account%password", creates => "/var/li...
2009 Nov 05
3
ADS, pam_winbind and vsftpd
...standing that PAM-stuff and I have some pressure to get that ftp-server up, so please would someone help me out? My file: This one is heavily edited now, as I played trial and error for hours. # cat /etc/pam.d/vsftpd #%PAM-1.0 # Uncomment this to achieve what used to be ftpd -A. # auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_shells.so account sufficient pam_winbind.so account required...
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
...ckage: logcheck-database Version: 1.2.61 Severity: wishlist File: /etc/logcheck/ignore.d.server/proftpd Two weeks ago, I got a rush of these: Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd (Apparently, fail2ban managed to miss those.) This is triggered by pam_listfile, which is used by proftpd (and other FTP daemons) to block users listed in /etc/ftpusers. Given how lazy I am, I simply wrote a rule for my own particular daemon: ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: PAM-listfile: Refused user [-_.[:alnum:]]+ for service proftpd$ I'm not sure how...
2003 Nov 18
0
Samba PDC trying rid null logins
...in.txt>> <<passwd.txt>> <<samba.txt>> > <<smb.conf>> <<su.txt>> <<smb_server.conf>> > > > Thanks > > Tameika Reed > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.s...
2004 Jan 12
1
PAM_ERROR_MSG and PAM_TEXT_INFO from modules
..., but obviously access isn't denied anymore. this is still curious since pam_motd never works, and it prints /etc/motd with a PAM_TEXT_INFO message via the same conversation mechanism. here is the pam config ive tested with: #%PAM-1.0 auth requisite pam_noulogin.so auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_rsa_only onerr=succeed auth required pam_unix.so auth required pam_env.so # [1] auth required pam_shells.so account requisite pam_noulogin.so account required pam_unix.so session required pam_unix.so session required...
2003 Nov 19
0
FW: Samba PDC trying rid null logins
...in.txt>> <<passwd.txt>> <<samba.txt>> > <<smb.conf>> <<su.txt>> <<smb_server.conf>> > > > Thanks > > Tameika Reed > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.s...
2015 Oct 12
1
getting error Ignoring parameter browse directory and winbind sequence directory
...want to change anything? > > OK, I have installed proftpd on a Debian Jessie Samba 4.3.0 domain member and set it up to use AD for authentication and it works for me (note, I did not use ldap authentication, I used PAM) My PAM setup is this: /etc/pam.d/proftpd auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed @include common-auth @include common-account @include common-session /etc/pam.d/common-auth auth [success=3 default=ignore] pam_krb5.so minimum_uid=1000 auth [success=2 default=ignore] pam_unix.so nullok_secure try_first_...