search for: pam_nologin

...7, and while I was testing it to make sure everything was working properly, I noticed that when I used PAM to authenticate, rather than /bin/login, sshd was not honoring /etc/nologin. I took a real quick look through the source code and found this at line 1022 of session.c: #ifndef USE_PAM /* pam_nologin handles this */ if (!options.use_login) { Now that seems like it's probably the right way to handle /etc/nologin under PAM authenticated linux systems, however there's one problem: Sun doesn't ship SunOS with a pam_nologin.so module. pam_unix.so authenticates the user, and...

....d/sshd from prior to the install and >> restore it after the RPM is installed since it overwrites it. I have a >> /etc/pam.d/common-auth that has: >> test10:/etc/pam.d # cat sshd > >> #%PAM-1.0 >> auth include common-auth >> auth required pam_nologin.so > > I think pam_nologin.so should be in the "account" rather than "auth" stack. > > I.e. > > account required pam_nologin.so > > -d Definitely check /etc/ssh/sshd_login, or wherever your particular version of SSH expects its sshd_config, for th...

...g a nologin file into /etc. This only worked for logins that use the password authentication mechanism. publickey-based authentications still succeeded and the users were allowed into the system. This seems straightforward to me since openssh 4.3 disabled the evaluation of /etc/nologin in favour of pam_nologin but doesn't use PAM for anything other than password-based logins, does it? Is this a known issue or even a non-issue due to a misunderstanding on my part? -- Thanks in advance, bye, Michael

..., etc.). The default is to use the # traditional Unix authentication mechanisms. # auth required pam_env.so auth sufficient pam_rootexpirepass.so auth required pam_unix2.so The /etc/pam.d/sshd has: test10:/etc/pam.d # cat sshd #%PAM-1.0 auth include common-auth auth required pam_nologin.so account include common-account password include common-password session include common-session # Enable the following line to get resmgr support for # ssh sessions (see /usr/share/doc/packages/resmgr/README) #session optional pam_resmgr.so fake_ttyname If I run sshd with...

...saslauthd /etc/sasl2/qemu.conf: mech_list: PLAIN pwcheck_method: saslauthd /etc/pam.d/libvirt: auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group auth required pam_tally2.so onerr=succeed auth required pam_nologin.so auth required pam_unix.so try_first_pass likeauth nullok account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group account required pam_nologin.so account required pam_unix.so /etc/pam.d/qemu: a...

...files specifiy full paths to the modules, is this necessary? - I want a "no-frills" control file which will work with the widest range of systems and still be secure. Would something like the following work everywhere? I assume pam_unix is pretty standards, but how about pam_cracklib, pam_nologin and pam_limits? I don't really want to ship without pam_cracklib in for password changes (since that is what most sites use as default). Can password changing be disabled using pam_deny? #%PAM-1.0 auth required pam_unix.so shadow nodelay auth required pam_nologin.so acco...

Hi, we have been using pure-ftpd to authenticate via PAM from our ldap-server for some time (the ldap-server was built in 2006...). I've got the following in /etc/pam.d/pure-ftpd auth sufficient /usr/local/lib/pam_ldap.so auth required pam_nologin.so auth required pam_unix.so nullok account required pam_permit.so session required pam_permit.so This worked from probably FreeBSD 5.0 and before (longer than I've been at the company...) until 9.1, then, with the upgrade to 9.2, users can no longer login (LDAP...

...20 20:59:51 aslan login[32713]: initgroups: Operation not permitted Here is my pam.d/login file: #%PAM-1.0 # orginal before winbind # auth required /lib/security/pam_securetty.so # auth required /lib/security/pam_stack.so service=system-auth # auth required /lib/security/pam_nologin.so # added for winbind auth required /lib/security/pam_securetty.so auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok account sufficient /lib/securi...

...les Oct 16 04:48:06 host imap-login: Disconnected [::ffff:<internal_IP>] Oct 16 11:48:11 host dovecot-auth: PAM: pipe() failed: Too many open files Oct 16 04:48:11 host imap-login: Aborted login [::ffff:<internal_IP>] Oct 16 04:48:11 host dovecot-auth: PAM unable to dlopen(/lib/security/pam_nologin.so) Oct 16 04:48:11 host dovecot-auth: PAM [dlerror: /lib/security/pam_nologin.so: cannot open shared object file: Too many open files] Oct 16 04:48:11 host dovecot-auth: PAM adding faulty module: /lib/security/pam_nologin.so Oct 16 04:48:11 host dovecot-auth: PAM unable to dlopen(/lib/security/pam...

...hd(pam_unix)[5463]: check pass; user unknown Here is the login file : #%PAM-1.0 auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/s...

...windows user to the server on the server himself but when I want to login via a windows client It doesn't work. The connection is refused. Could it be something mis configured in my ssh pam module. This is my pam ssh module PAM configuration file for sshd auth required /lib/security/pam_nologin.so auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_pwdb.so shadow nullok account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so session optional...

...N encrypt passwords = yes winbind separator = + idmap uid = 10000-20000 idmap gid = 10000-20000 winbind enum users = yes winbind enum groups = yes winbind use default domain = yes [homes] comment = Home Directories valid users = %S read only = No browseable = No pam.d/samba #%PAM-1.0 auth required pam_nologin.so auth required pam_stack.so service=system-auth auth required pam_winbind.so account required pam_winbind.so account required pam_stack.so service=system-auth session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 session required pam_stack.so service=system-auth password required pam_...

Hi, Gentoo updated dovecot to 1.0 beta3 and don't succeed in authentification with pop3. Here is my dovecot.conf 0.99 protocols = imap imaps pop3 pop3s imap_listen = * pop3_listen = * imaps_listen = * pop3s_listen = * login = imap login = pop3 default_mail_env = maildir:%h/.maildir mbox_locks = fcntl dotlock auth = default auth_mechanisms = plain auth_userdb = passwd auth_passdb = pam dovecot

..., its asks for username and password. i have user root and given password but it says "username cannot be found" my pam.d/login file is ######################################################### auth required pam_securetty.so auth required pam_stack.so service=system-auth auth required pam_nologin.so *auth sufficient pam_ldap.so* account required pam_stack.so service=system-auth password required pam_stack.so service=system-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_stack.so service=system-auth session option...

...lines I added I added to the stock RHAT 8 gdm pam def.: #%PAM-1.0 + auth sufficient /lib/security/pam_winbind.so + auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so + auth sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib...

...ux users to login? #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/s...

...d/login #%PAM-1.0 auth required /lib/security/pam_securetty.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass auth required /lib/security/pam_stack.so service=system-auth auth required /lib/security/pam_nologin.so account sufficient /lib/security/pam_winbind.so account required /lib/security/pam_stack.so service=system-auth password required /lib/security/pam_stack.so service=system-auth session required /lib/security/pam_stack.so service=system-auth session optional /lib/s...

Hello, I reeeeally need someone's help here. I guide after guide from all sorts of sources but I still cannot get samba to authenticate a domain login via winbind off of the windows 2003 DC on our network. Here is what I can do: I can successfully do a kinit command and can verify the existance on the samba server in active directory on the DC. I can login using domain profiles on the samba

Dear list, I have questions about content of the following error messages. ---</var/log/secure>--- dovecot-auth:?PAM?unable?todlopen(/lib/security/pam_nologin.so) dovecot-auth:?PAM?[error:/lib/security/pam_nologin.so:?cannot?open?shared?object?file:?Too?many?open?files] dovecot-auth:?PAM?adding?faulty?module:/lib/security/pam_nologin.so dovecot-auth:?PAM?_pam_load_conf_file:?unable?to?open?/etc/pam.d/system-auth dovecot-auth:?PAM?unable?to?dlopen(<*un...

...ser unknown Jan 5 11:09:37 hermes login[9014]: FAILED LOGIN 1 FROM 172.27.1.223 FOR CSQ+shane, User not known to the underlying authentication module. my login in /etc/pam.d is auth required pam_securetty.so #auth required pam_stack.so service=system-auth auth required pam_nologin.so auth sufficient pam_winbind.so auth required pam_pwdb.so use_first_pass shadow nullok #account required pam_stack.so service=system-auth account sufficient pam_winbind.so #password required pam_stack.so service=system-auth password required pam_pwdb.so use...