Displaying 13 results from an estimated 13 matches for "pam_login_access".
2007 Sep 06
0
[Resolved] Found a way of allowing pam_ldap users (with pam_groupdn or pam_check_host_attr restrictions), AND allowing local root authentication, without pam_unix.so taking presense due to getpwent() returns ldap-users
...r how to get it
playing, so this is a working fix, until pam_unix.so and pam_ldap.so
plays well together:
The recommended setup, UNIX and LDAP logins work, but
groupdn/check_host_attr restrictions dosn't:
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_unix.so local_pass
You want only LDAP users, and no local root-account, this works:
account sufficient /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_deny.so
This is what I ended...
2007 Jan 30
1
cannot su, something may related to pam
...sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
account required /usr/lib/pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient /usr/lib/pam_winbind.so try_first_pass
#password sufficient pam_krb5.so...
2007 Apr 13
1
Samba3 : no suitable range available for sid
...#auth sufficient pam_ssh.so no_warn
try_first_pass
auth required pam_unix.so no_warn
try_first_pass nullok
# account
account required pam_winbind.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
# password
password sufficient pam_winbind.so try_first_pass
#password sufficient pam_krb5.so...
2011 Feb 18
1
Not sure I understand when add user script is called
...mkhomedir=yes
#auth sufficient pam_krb5.so no_warn try_first_pass
#auth sufficient pam_ssh.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass nullok
# account
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
session required pam_lastlog.so no_fail
session required /usr/local/lib/pam_mkhomedir.so
skel=/usr/local/etc/skel
# password
#password sufficient pam_krb5.so no_war...
2009 Aug 28
1
FreeBSD 7.2 and Samba 3.3.7 AD 2003 Authentication Problem
...no_warn
try_first_pass
auth required pam_unix.so no_warn
try_first_pass
# account
account required pam_nologin.so
#account required pam_krb5.so
account sufficient /usr/local/lib/pam_winbind.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so
#session required /usr/local/lib/pam_mkhomedir.so
session required pam_permit.so
# password
password sufficient /usr/local/lib/pam_winbind.so
try_first_pass...
2005 Jun 24
0
Winbind NT domain authentication
...pam_unix.so no_warn try_first_pass
#tfa
auth sufficient pam_winbind.so debug try_first_pass
auth sufficient pam_unix.so no_warn try_first_pass
# account
#account required pam_krb5.so
account required pam_login_access.so
account sufficient pam_winbind.so debug
account sufficient pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass...
2005 Jun 24
0
Winbind NT domain authentication
...pam_unix.so no_warn try_first_pass
#tfa
auth sufficient pam_winbind.so debug try_first_pass
auth sufficient pam_unix.so no_warn try_first_pass
# account
#account required pam_krb5.so
account required pam_login_access.so
account sufficient pam_winbind.so debug
account sufficient pam_unix.so
# session
#session optional pam_ssh.so
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass...
2008 Nov 18
2
pam_start() failed: system error
...e_bind Can't contact LDAP server
Nov 18 13:21:46 dizzy dovecot: auth-worker(default): pam(xxxx,xxx.xxx.xxx.xxx): pam_start() failed: system error
Nov 18 13:21:46 dizzy dovecot-auth: in openpam_load_module(): no pam_permit.so found
Nov 18 13:22:12 dizzy dovecot-auth: in openpam_load_module(): no pam_login_access.so found
Nov 18 13:22:31 dizzy dovecot-auth: in openpam_load_module(): no pam_unix.so found
Nov 18 13:22:42 dizzy dovecot-auth: in openpam_load_module(): no /usr/local/lib/pam_ldap.so found
After restarting dovecot things are back to normal.
I have tried different settings for worker_max_count,...
2008 Sep 02
1
"pam_start() failed: system error" with dovecot 1.1.2, cause unknown
...ap-login: Aborted login (auth failed, 1
attempts): user=<userC>, method=PLAIN, rip=35.9.37.164, lip=35.9.37.190, TLS
.....
/var/log/messages:
Sep 2 08:25:04 hill dovecot-auth: in openpam_load_module(): no
pam_permit.so found
Sep 2 08:25:04 hill dovecot-auth: in openpam_load_module(): no
pam_login_access.so found
Sep 2 08:25:05 hill dovecot-auth: in openpam_load_module(): no
pam_nologin.so found
Sep 2 08:25:10 hill dovecot-auth: in openpam_load_module(): no
pam_unix.so found
Sep 2 08:25:11 hill dovecot-auth: in openpam_load_module(): no
pam_unix.so found
Sep 2 08:25:20 hill dovecot-auth: in...
2003 Jul 11
3
Login.Access
Login seems to be ignoring my /etc/login.access settings.
I have the following entries (see below) in my login.access, yet any new
user (not in the wheel group) is still allowed to login. What am I missing?
# $FreeBSD: src/etc/login.access,v 1.3 1999/08/27 23:23:42 peter Exp $
#
-:ALL EXCEPT wheel:console
-:ALL EXCEPT wheel:ALL
Thanks,
--
Scott Gerhardt, P.Geo.
Gerhardt Information
2005 Aug 19
2
pam_radius fail open?
..._krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
#auth required pam_unix.so no_warn
try_first_pass
# account
#account required pam_krb5.so
#account required pam_login_access.so
#account required pam_unix.so
# session
#session optional pam_ssh.so
#session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn
try_first_pass
#password required pam_unix.so...
2012 Apr 17
0
Problems with samba as PDC
...ry_first_pass
#auth sufficient /usr/local/lib/pam_winbind.so
auth required pam_unix.so no_warn try_first_pass
# account
account sufficient /usr/local/lib/pam_winbind.so
account required pam_nologin.so
#account required pam_krb5.so
account required pam_login_access.so
account required pam_unix.so
# session
#session optional pam_ssh.so want_agent
session required pam_permit.so
# password
#password sufficient pam_krb5.so no_warn try_first_pass
password required pam_unix.so no_warn try_first_pass
Here is /etc/sec...
2003 Sep 24
4
unified authentication
Howdy list,
Sorry if this is a frequently discussed topic,
or an off-topic question, but I couldn't find much
info about my question by performing quick searches
in the archives, and my question is pretty tightly
related to security...
Background:
===========
I have a number of FreeBSD machines. Most are 4.x,
but a few are 5.x (mainly the testing/devel machines).
I also have a single Red