search for: pam_login_access

...r how to get it playing, so this is a working fix, until pam_unix.so and pam_ldap.so plays well together: The recommended setup, UNIX and LDAP logins work, but groupdn/check_host_attr restrictions dosn't: account sufficient /usr/local/lib/pam_ldap.so account required pam_login_access.so account required pam_unix.so local_pass You want only LDAP users, and no local root-account, this works: account sufficient /usr/local/lib/pam_ldap.so account required pam_login_access.so account required pam_deny.so This is what I ended...

...sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required /usr/lib/pam_winbind.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password password sufficient /usr/lib/pam_winbind.so try_first_pass #password sufficient pam_krb5.so...

...#auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account account required pam_winbind.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail # password password sufficient pam_winbind.so try_first_pass #password sufficient pam_krb5.so...

...mkhomedir=yes #auth sufficient pam_krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass nullok # account #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so session required pam_lastlog.so no_fail session required /usr/local/lib/pam_mkhomedir.so skel=/usr/local/etc/skel # password #password sufficient pam_krb5.so no_war...

...no_warn try_first_pass auth required pam_unix.so no_warn try_first_pass # account account required pam_nologin.so #account required pam_krb5.so account sufficient /usr/local/lib/pam_winbind.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so #session required /usr/local/lib/pam_mkhomedir.so session required pam_permit.so # password password sufficient /usr/local/lib/pam_winbind.so try_first_pass...

...pam_unix.so no_warn try_first_pass #tfa auth sufficient pam_winbind.so debug try_first_pass auth sufficient pam_unix.so no_warn try_first_pass # account #account required pam_krb5.so account required pam_login_access.so account sufficient pam_winbind.so debug account sufficient pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass...

...pam_unix.so no_warn try_first_pass #tfa auth sufficient pam_winbind.so debug try_first_pass auth sufficient pam_unix.so no_warn try_first_pass # account #account required pam_krb5.so account required pam_login_access.so account sufficient pam_winbind.so debug account sufficient pam_unix.so # session #session optional pam_ssh.so session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass...

...e_bind Can't contact LDAP server Nov 18 13:21:46 dizzy dovecot: auth-worker(default): pam(xxxx,xxx.xxx.xxx.xxx): pam_start() failed: system error Nov 18 13:21:46 dizzy dovecot-auth: in openpam_load_module(): no pam_permit.so found Nov 18 13:22:12 dizzy dovecot-auth: in openpam_load_module(): no pam_login_access.so found Nov 18 13:22:31 dizzy dovecot-auth: in openpam_load_module(): no pam_unix.so found Nov 18 13:22:42 dizzy dovecot-auth: in openpam_load_module(): no /usr/local/lib/pam_ldap.so found After restarting dovecot things are back to normal. I have tried different settings for worker_max_count,...

...ap-login: Aborted login (auth failed, 1 attempts): user=<userC>, method=PLAIN, rip=35.9.37.164, lip=35.9.37.190, TLS ..... /var/log/messages: Sep 2 08:25:04 hill dovecot-auth: in openpam_load_module(): no pam_permit.so found Sep 2 08:25:04 hill dovecot-auth: in openpam_load_module(): no pam_login_access.so found Sep 2 08:25:05 hill dovecot-auth: in openpam_load_module(): no pam_nologin.so found Sep 2 08:25:10 hill dovecot-auth: in openpam_load_module(): no pam_unix.so found Sep 2 08:25:11 hill dovecot-auth: in openpam_load_module(): no pam_unix.so found Sep 2 08:25:20 hill dovecot-auth: in...

Login seems to be ignoring my /etc/login.access settings. I have the following entries (see below) in my login.access, yet any new user (not in the wheel group) is still allowed to login. What am I missing? # $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $ # -:ALL EXCEPT wheel:console -:ALL EXCEPT wheel:ALL Thanks, -- Scott Gerhardt, P.Geo. Gerhardt Information

..._krb5.so no_warn try_first_pass #auth sufficient pam_ssh.so no_warn try_first_pass #auth required pam_unix.so no_warn try_first_pass # account #account required pam_krb5.so #account required pam_login_access.so #account required pam_unix.so # session #session optional pam_ssh.so #session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass #password required pam_unix.so...

...ry_first_pass #auth sufficient /usr/local/lib/pam_winbind.so auth required pam_unix.so no_warn try_first_pass # account account sufficient /usr/local/lib/pam_winbind.so account required pam_nologin.so #account required pam_krb5.so account required pam_login_access.so account required pam_unix.so # session #session optional pam_ssh.so want_agent session required pam_permit.so # password #password sufficient pam_krb5.so no_warn try_first_pass password required pam_unix.so no_warn try_first_pass Here is /etc/sec...

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red