search for: pam_sepermit

...nsu.ca/pub/OpenBSD/OpenSSH/portable and built the RPMs, but the PAM configuration file is wrong after installation. When I install the default openssh-5.3p1 RPMs from the CentOS 6.5 repository, the configuration looks like this: # cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session req...

...nsu.ca/pub/OpenBSD/OpenSSH/portable and built the RPMs, but the PAM configuration file is wrong after installation. When I install the default openssh-5.3p1 RPMs from the CentOS 6.5 repository, the configuration looks like this: # cat /etc/pam.d/sshd #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session req...

...quired /lib/security/$ISA/pam_deny.so session required /lib/security/$ISA/pam_limits.so session required /lib/security/$ISA/pam_unix.so session required pam_mkhomedir.so skel=/etc/skel umask=0022 session required /lib/security/$ISA/pam_winbind.so /etc/pam.d/sshd: #%PAM-1.0 auth required pam_sepermit.so auth include password-auth account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session required pam_loginuid.so #...

...on optional pam_mkhomedir.so skel=/etc/skel/ umask=0077 session [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid session required pam_unix.so session optional pam_winbind.so ------------------------ sshd #%PAM-1.0 auth required pam_sepermit.so auth substack password-auth auth include postlogin auth include system-auth auth sufficient pam_winbind.so account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be t...

...LIMIT 15 #DEREF never TLS_CACERTDIR /etc/openldap/cacerts # Turning this off breaks GSSAPI used with krb5 when rdns = false SASL_NOCANON on URI ldap://myldapserver.mydomain BASE ou=YYYY,o=XXXX /etc/pam.d/sshd: ------------------------------ #%PAM-1.0 auth required pam_sepermit.so auth substack password-auth auth include postlogin account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session...

Thanks a lot for looking over the config. I am at the topic "user data is available" id <username> and getent passwd and ldapsearch -x -b "ou=XXX,o=YYY" uid=<username> give the correct results ldapsearch gives also the correct host attribute i have set in the ldap server. Regarding the manpage of sssd.conf the lines access_provider = ldap ldap_access_order =

Thank for your answer: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed

...ears in the local > unix password files. Make sure that it doesn't. Nope. None of the usernames i tried is in /etc/passwd or /etc/shadow > > What do /etc/pam.d/sshd and /etc/pam.d/system-auth contain, currently? /etc/pam.d/sshd: ---------------- #%PAM-1.0 auth required pam_sepermit.so auth substack password-auth auth include postlogin account required pam_nologin.so account include password-auth password include password-auth # pam_selinux.so close should be the first session rule session required pam_selinux.so close session...