Displaying 20 results from an estimated 33 matches for "pam_motd".
2004 Jan 12
1
PAM_ERROR_MSG and PAM_TEXT_INFO from modules
Hi,
I have tested the current snapshot portable release (dated Jan 9
2004).
configuration has:
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePrivilegeSeparation yes
two problems:
first pam_motd does not work anymore.
second, I needed a quick way to disable normal user logins without
disabling admin accounts (members of group wheel). the best option i
could come up with is to write a new pam module similar to
pam_nologin, mine is pam_noulogin. It works as both as an auth, and
account mo...
2003 Apr 10
1
sshd and pam , conversation
...section (oposed to pam_listfile.so,
that uses the "auth" section - it wouldt
work because with hostbased authentication
openssh ignores the "auth" section).
It's working perfectly, but i also want to
display a message to those users that are
denied login, so i modified pam_motd to work
in "account" section, but i can't get the
message to be printed.
I can't make pam_motd to work in the "session"
section either.
There's a section:
message.msg_style=PAM_TEXT_INFO;
message.msg="blahblah..";
pam_get_item(pamh,PAM_CONV,&conversa...
2003 Sep 23
5
PAM sessions and conversation functions
...that fed text to the client. In OpenSSH 3.7.1p2,
this is no longer the case: session modules run with a conversation
function that just returns PAM_CONV_ERR. This means that simple session
modules whose job involves printing text on the user's terminal no
longer work: pam_lastlog, pam_mail, and pam_motd.
Can somebody explain to me why this change was made (as part of the
FreeBSD PAM merge, apparently), or if it was a mistake? I realize that
session modules are now run as root, but I'd have thought that modules
should be trusted code and don't need to have their output sanitized.
Thanks,...
2003 May 08
3
wbinfo -u is returning 0xc0000022
...th required pam_unix.so use_first_pass shadow
auth required pam_env.so # [1]
account sufficient pam_winbind.so debug
account required pam_unix.so use_first_pass
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
joined the domain and started smbd, nmbd and winbindd. When I execute wbinfo -u I get 0xc0000022. I googled around for this error, but didn't find a dece...
2018 Apr 26
0
account locks not working ssh/winbind?
...account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session required pam_limits.so
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common...
2004 Feb 03
3
How do I get pam_mkhomedir to work
...on required pam_stack.so service=system-auth
#session optional pam_console.so
session required /lib/security/pam_mkhomedir.so skel=/etc/skel/ umask=0022
password required pam_unix.so nullok obscure min=4 max=8
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
I have tried many varations of this file from various postings but all to no
avail
the relevant part of smb.conf follow
# Global parameters
[global]
workgroup = LEARNINGDOMAIN
realm = LEARNINGDOMAIN.ORG
server string = %L run...
2018 Apr 26
4
account locks not working ssh/winbind?
Hai.
Config.
Debian Stretch, samba 4.7.7. member server AD backend.
Network setup like in the howtos here. : https://github.com/thctlo/samba4/tree/master/howtos
Today i discovered that somehow a disabled user was able to login after a few retries.
I run a SSH/SFTP server for data exchange with the customer of the company here.
The SSH/SFTP server is restricted by groups, this
2003 Nov 21
1
Winbindd and SSH (just disconnects after login)
...required pam_env.so # [1]
account sufficient pam_winbind.so
account required pam_unix.so use_first_pass
session sufficient pam_mkhomedir.so skel=/etc/skel umask=0022
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
What am I missing here or doing wrong? Not sure if any other settings are
relevant, and hate blasting the list with a bunch of useless/unwanted text.
Any h...
2014 Oct 20
1
Allow Samba4/AD group "MYDOM\Domain Admins" to login through SSH on linux hosts
Hi,
For several linux server on our network we want to allow the AD domain group called "MYDOM\Domain Admins" to login through ssh with their AD credentials. Our DC1 and DC2 are running on Debian 64bit using Samba 4.1.12/Sernet.
I'm kinda confused, what exactly I need therefore. Do I need to setup a PAM_authentication as explained on that tutorial here?
2003 Nov 18
5
Testing of recent commits
...eprecated "gssapi"
method) provides proper validation of the session ID between the client
and the server.
Some of the highlights (more in the ChangeLog):
- (dtucker) [auth-pam.c] Convert chauthtok_conv into a generic
tty_conv, and use it for do_pam_session. Fixes problems like
pam_motd not displaying anything. ok djm@
- jakob at cvs.openbsd.org 2003/11/12 16:39:58
[dns.c dns.h readconf.c ssh_config.5 sshconnect.c]
update SSHFP validation. ok markus@
- markus at cvs.openbsd.org 2003/11/17 11:06:07
[auth2-gss.c gss-genr.c gss-serv.c monitor.c monitor.h]
[monitor_wr...
2005 May 21
1
ssh + pam_winbind error 'incorrect password or invaid membership'
..._winbind.so
auth required pam_nologin.so
auth required pam_env.so # [1]
@include common-auth
account sufficient pam_winbind.so
@include common-account
session required pam_mkhomedir.so skel=/etc/skel umask=0022
@include common-session
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
@include common-password
---------------------------------
[global]
realm = MS.STILEN.COM
idmap uid = 10000-20000
idmap gid = 10000-20000
template homedir = /home/%D/%U
template s...
2004 Jul 03
2
[Bug 890] Allow users to see output from failing PAM session modules.
...mal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dtucker at zip.com.au
Because a failure in do_pam_session causes an immediate fatal(), the connection
exits uncleanly, eg, with the following PAM config:
session required pam_motd.so motd=/etc/mynologin
session required pam_deny.so
Attempting to log in will result in:
testuser at localhost's password:
Read from remote host localhost: Connection reset by peer
Connection to localhost closed.
------- You are receiving this mail because: -------
You are the assignee for...
2005 Aug 30
1
make tests failure: openssh-SNAP-20050827 on Redhat 9
This is a Redhat 9 box doing nightly updates from FedoraLegacy.org.
I have a script of the whole session if needed.
-Bill
----
ok transfer data
run test banner.sh ...
test banner: missing banner file
cmp: EOF on /home/flowerpt/src/openssh/openssh/regress/empty.in
missing banner file
test banner: size 0
cmp: EOF on /home/flowerpt/src/openssh/openssh/regress/banner.in
banner size 0 mismatch
test
2004 Jul 07
0
pam_winbind.so and home-directory creation
....so
auth required pam_unix.so nullok use_first_pass
# Standard Un*x account and session
account sufficient pam_winbind.so
account required pam_unix.so
session sufficient pam_winbind.so
session required pam_unix.so
session required pam_mkhomedir.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_unix.so nullok obscure min=4
max=8 md5
--- /etc/nsswitch.conf
passwd: winbind compat
group: winbind compat
shadow: compat
Where did I go wrong? Any Ideas would be appreciated!
Best regards,...
2001 Oct 31
1
winbind exists (allmost) immediatly: winbind uid parameter missing
...ficient pam_winbind.so debug
auth required pam_unix.so use_first_pass nullok debug
account required pam_winbind.so debug
session required pam_mkhomedir.so skel=/etc/skel/ umask=002
session required pam_unix.so debug
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_unix.so nullok obscure min=4 max=8 md5
... but I doubt these are of any importance, since when
I start winbindd -d 4 -i I get:
added interface ip=192.168.6.102 bcast=192.168.6.255
nmask=255.255.255.0
winbind uid paramet...
2002 Feb 13
2
Problem with using both pam_listfile to deny logins and pubkey authentication
...=allow
file=/etc/loginusers onerr=fail
auth required pam_nologin.so
auth required pam_unix.so
auth required pam_env.so # [1]
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so # [1]
session optional pam_motd.so # [1]
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
password required pam_unix.so
---
--
Sakari Ailus
sakari.ailus at luukku.com
2004 Jul 14
0
winbind/gdm auth failure
...winbind.so
auth required pam_unix.so nullok use_first_pass
account sufficient pam_winbind.so
account required pam_unix.so
session required pam_mkhomedir.so skel=/etc/skel
umask=0022
session sufficient pam_winbind.so
session required pam_unix.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required pam_unix.so nullok obscure min=4
max=8 md5
---
--- gdm ---
#%PAM-1.0
auth required pam_nologin.so
auth required pam_env.so
auth sufficient pam_winbind.so
auth required pam_unix_auth.s...
2006 Jan 20
0
can't map drive to WinXP client from v3.0.21 w. security=ads
...ata that may or may not be
relevant or interesting.
pam config
----------
I'm wondering if the problem could be the pam config. The ssh and
samba pam configs are almost the same - the ssh config has 4 things that
the samba config doesn't:
session optional pam_motd.so
session optional pam_mail.so standard noenv
session required pam_limits.so
@include common-password
which makes me think, if anything, that the pam requirements for ssh are
more stringent than for samba. Yet samba isn't working, and ssh doe...
2010 Oct 20
1
Samba 3.5.6 pam problems
...ss.so
account required pam_nologin.so
account include system-auth
account required pam_tally.so onerr=succeed
password include system-auth
session required pam_env.so
session optional pam_lastlog.so
session include system-auth
session optional pam_ck_connector.so nox11
session optional pam_motd.so motd=/etc/motd
session optional pam_mail.so
file /etc/pam.d/system-auth
/etc/pam.d/system-auth: symbolic link to `system-auth-winbind'
cat /etc/pam.d/system-auth-winbind
#%PAM-1.0
# $Header: /var/cvsroot/gentoo-x86/net-fs/samba/files/3.5/system-auth-winbind.pam,v
1.1 2010/03/01 16:19:54...
2004 Jun 15
2
ssh daemon fails to call pam when user does not exist in /etc/passwd
...# Standard Un*x authentication. The "nullok" line allows passwordless
# accounts.
auth required pam_unix.so nullok likeauth try_first_pass
account required pam_unix.so
session required pam_unix.so
session optional pam_lastlog.so
session optional pam_motd.so
session optional pam_mail.so standard noenv
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok
shadow md5
password required /lib/security/pam_deny.so