Displaying 20 results from an estimated 317 matches for "pam_nologin".
2001 Jan 20
1
/etc/nologin and Solaris PAM bug
...7, and
while I was testing it to make sure everything was working properly, I
noticed that when I used PAM to authenticate, rather than /bin/login, sshd
was not honoring /etc/nologin.
I took a real quick look through the source code and found this at line
1022 of session.c:
#ifndef USE_PAM /* pam_nologin handles this */
if (!options.use_login) {
Now that seems like it's probably the right way to handle /etc/nologin
under PAM authenticated linux systems, however there's one problem: Sun
doesn't ship SunOS with a pam_nologin.so module. pam_unix.so authenticates
the user, and...
2018 Jul 18
2
root can login to console but not via ssh
....d/sshd from prior to the install and
>> restore it after the RPM is installed since it overwrites it. I have a
>> /etc/pam.d/common-auth that has:
>> test10:/etc/pam.d # cat sshd
>
>> #%PAM-1.0
>> auth include common-auth
>> auth required pam_nologin.so
>
> I think pam_nologin.so should be in the "account" rather than "auth" stack.
>
> I.e.
>
> account required pam_nologin.so
>
> -d
Definitely check /etc/ssh/sshd_login, or wherever your particular
version of SSH expects its sshd_config, for th...
2007 Jan 22
2
nologin not working with openssh >= 4.3 and authentication != password
...g a nologin
file into /etc. This only worked for logins that use the password
authentication mechanism. publickey-based authentications still
succeeded and the users were allowed into the system. This seems
straightforward to me since openssh 4.3 disabled the evaluation of
/etc/nologin in favour of pam_nologin but doesn't use PAM for anything
other than password-based logins, does it?
Is this a known issue or even a non-issue due to a misunderstanding on
my part?
--
Thanks in advance,
bye, Michael
2018 Jul 17
2
root can login to console but not via ssh
..., etc.). The default is to use the
# traditional Unix authentication mechanisms.
#
auth required pam_env.so
auth sufficient pam_rootexpirepass.so
auth required pam_unix2.so
The /etc/pam.d/sshd has:
test10:/etc/pam.d # cat sshd
#%PAM-1.0
auth include common-auth
auth required pam_nologin.so
account include common-account
password include common-password
session include common-session
# Enable the following line to get resmgr support for
# ssh sessions (see /usr/share/doc/packages/resmgr/README)
#session optional pam_resmgr.so fake_ttyname
If I run sshd with...
2016 Oct 13
0
How to tell spicy client to use SASL authentication?
...saslauthd
/etc/sasl2/qemu.conf:
mech_list: PLAIN
pwcheck_method: saslauthd
/etc/pam.d/libvirt:
auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
auth required pam_tally2.so onerr=succeed
auth required pam_nologin.so
auth required pam_unix.so try_first_pass likeauth nullok
account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
account required pam_nologin.so
account required pam_unix.so
/etc/pam.d/qemu:
a...
2000 Dec 27
5
PAM configuration
...files specifiy full paths to the modules, is this
necessary?
- I want a "no-frills" control file which will work with the widest
range of systems and still be secure. Would something like the following
work everywhere? I assume pam_unix is pretty standards, but how about
pam_cracklib, pam_nologin and pam_limits?
I don't really want to ship without pam_cracklib in for password
changes (since that is what most sites use as default). Can password
changing be disabled using pam_deny?
#%PAM-1.0
auth required pam_unix.so shadow nodelay
auth required pam_nologin.so
acco...
2013 Oct 15
1
question about PAM in 9.2
Hi,
we have been using pure-ftpd to authenticate via PAM from our
ldap-server for some time (the ldap-server was built in 2006...).
I've got the following in /etc/pam.d/pure-ftpd
auth sufficient /usr/local/lib/pam_ldap.so
auth required pam_nologin.so
auth required pam_unix.so nullok
account required pam_permit.so
session required pam_permit.so
This worked from probably FreeBSD 5.0 and before (longer than I've been
at the company...) until 9.1, then, with the upgrade to 9.2, users can
no longer login (LDAP...
2002 Aug 20
1
winbind initgroups problem with 2.2.5 on RH 7.2
...20 20:59:51 aslan login[32713]: initgroups: Operation not permitted
Here is my pam.d/login file:
#%PAM-1.0
# orginal before winbind
# auth required /lib/security/pam_securetty.so
# auth required /lib/security/pam_stack.so service=system-auth
# auth required /lib/security/pam_nologin.so
# added for winbind
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so use_first_pass shadow
nullok
account sufficient /lib/securi...
2007 Oct 23
4
dovecot-auth: Too many open files
...les
Oct 16 04:48:06 host imap-login: Disconnected [::ffff:<internal_IP>]
Oct 16 11:48:11 host dovecot-auth: PAM: pipe() failed: Too many open
files
Oct 16 04:48:11 host imap-login: Aborted login [::ffff:<internal_IP>]
Oct 16 04:48:11 host dovecot-auth: PAM unable to
dlopen(/lib/security/pam_nologin.so)
Oct 16 04:48:11 host dovecot-auth: PAM [dlerror:
/lib/security/pam_nologin.so: cannot open shared object file: Too many
open files]
Oct 16 04:48:11 host dovecot-auth: PAM adding faulty module:
/lib/security/pam_nologin.so
Oct 16 04:48:11 host dovecot-auth: PAM unable to
dlopen(/lib/security/pam...
2002 Jul 09
5
Cant Log Into Terminal Using Winbind
...hd(pam_unix)[5463]: check pass; user unknown
Here is the login file :
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_stack.so service=system-auth
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/s...
2003 Jun 05
2
CVS over SSH
...windows user to the server on the server himself but when I want to login via a windows client It doesn't work. The connection is refused. Could it be something mis configured in my ssh pam module.
This is my pam ssh module
PAM configuration file for sshd
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_winbind.so
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
session optional...
2007 Jan 05
2
Kerberos and PAM
...N
encrypt passwords = yes
winbind separator = +
idmap uid = 10000-20000
idmap gid = 10000-20000
winbind enum users = yes
winbind enum groups = yes
winbind use default domain = yes
[homes]
comment = Home Directories
valid users = %S
read only = No
browseable = No
pam.d/samba
#%PAM-1.0
auth required pam_nologin.so
auth required pam_stack.so service=system-auth
auth required pam_winbind.so
account required pam_winbind.so
account required pam_stack.so service=system-auth
session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022
session required pam_stack.so service=system-auth
password required pam_...
2006 Feb 25
2
dovecot 0.99 to 1
Hi,
Gentoo updated dovecot to 1.0 beta3 and don't succeed in authentification with
pop3.
Here is my dovecot.conf 0.99
protocols = imap imaps pop3 pop3s
imap_listen = *
pop3_listen = *
imaps_listen = *
pop3s_listen = *
login = imap
login = pop3
default_mail_env = maildir:%h/.maildir
mbox_locks = fcntl dotlock
auth = default
auth_mechanisms = plain
auth_userdb = passwd
auth_passdb = pam dovecot
2005 Dec 16
0
pam and samba 3
..., its asks for username and password.
i have user root and given password but it says "username cannot be found"
my pam.d/login file is
#########################################################
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
*auth sufficient pam_ldap.so*
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session required pam_selinux.so close
session required pam_stack.so service=system-auth
session option...
2003 Feb 21
2
pam settings for winbind
...lines I
added I added to the stock RHAT 8 gdm pam def.:
#%PAM-1.0
+ auth sufficient /lib/security/pam_winbind.so
+ auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
+ auth sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib...
2002 Nov 18
1
Help with PAM Config
...ux users to login?
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/s...
2006 Mar 23
1
Samba integration with AD
...d/login
#%PAM-1.0
auth required /lib/security/pam_securetty.so
auth sufficient /lib/security/pam_winbind.so
auth sufficient /lib/security/pam_unix.so use_first_pass
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account sufficient /lib/security/pam_winbind.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session optional /lib/s...
2006 Mar 08
5
getting samba to authenticate with kerberos/PAM
Hello,
I reeeeally need someone's help here. I guide after guide from all sorts of sources but I still cannot get samba to authenticate a domain login via winbind off of the windows 2003 DC on our network.
Here is what I can do:
I can successfully do a kinit command and can verify the existance on the samba server in active directory on the DC.
I can login using domain profiles on the samba
2010 Mar 26
1
failed: Too many open files
Dear list,
I have questions about content of the following error messages.
---</var/log/secure>---
dovecot-auth:?PAM?unable?todlopen(/lib/security/pam_nologin.so)
dovecot-auth:?PAM?[error:/lib/security/pam_nologin.so:?cannot?open?shared?object?file:?Too?many?open?files]
dovecot-auth:?PAM?adding?faulty?module:/lib/security/pam_nologin.so
dovecot-auth:?PAM?_pam_load_conf_file:?unable?to?open?/etc/pam.d/system-auth
dovecot-auth:?PAM?unable?to?dlopen(<*un...
2004 Jan 05
2
pam_winbind problems
...ser unknown
Jan 5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR
CSQ+shane, User not known to the underlying authentication
module.
my login in /etc/pam.d is
auth required pam_securetty.so
#auth required pam_stack.so service=system-auth
auth required pam_nologin.so
auth sufficient pam_winbind.so
auth required pam_pwdb.so use_first_pass shadow nullok
#account required pam_stack.so service=system-auth
account sufficient pam_winbind.so
#password required pam_stack.so service=system-auth
password required pam_pwdb.so use...