search for: pam_shells

More digging (now that I have a better handle on how to ask the question) reveals this bug against documentation and release notes for 7.6 to alert updaters about this breaking change for vsftpd: https://bugzilla.redhat.com/show_bug.cgi?id=1647485 The last comment there, #15 by "Roy": > For a workaround to vsftpd login failures that doesn't expose your system > to the

...="/usr/sbin/vsftpd" (hostname=hostname, addr=1.2.3.4, terminal=ftp res=failed)' cat /etc/pam.d/vsftpd #%PAM-1.0 session optional pam_keyinit.so force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth required pam_shells.so auth include system-auth account include system-auth session include system-auth session required pam_loginuid.so # grep local /etc/vsftpd/vsftpd.conf local_enable=YES local_umask=022 chroot_local_user=YES # getsebool -a | grep ftp allow_ftpd_anon_write --> off allow_ftpd...

I need to be able to allow specific system accounts to ftp to a box. As far as I can tell I have to give them a shell in /etc/passwd (i.e. /bin/bash) in order for their ftp login to work. I do *not* however want them to be able to log into a shell or ssh session. I cannot restrict by IP. What's the best way to accomplish this? Thanks, Scott

...sation mechanism. here is the pam config ive tested with: #%PAM-1.0 auth requisite pam_noulogin.so auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_rsa_only onerr=succeed auth required pam_unix.so auth required pam_env.so # [1] auth required pam_shells.so account requisite pam_noulogin.so account required pam_unix.so session required pam_unix.so session required pam_limits.so session optional pam_motd.so # [1] session optional pam_mail.so standard # [1] password required pam_cracklib.so retry=3 minlen=8 difok=3 password...

...optional /lib/security/pam_console.so # cat /etc/pam.d/samba #%PAM-1.0 auth required /lib/security/pam_stack.so service=system-auth account required /lib/security/pam_stack.so service=system-auth # cat /etc/pam.d/sshd #%PAM-1.0 auth include system-auth auth required pam_shells.so auth required pam_nologin.so account include system-auth password include system-auth session include system-auth Anything else? Brian

...working. What I would like to do is : Only for vsftpd the authentication should be against the Active Directory, Below is the output of the /etc/pam.d/vsftpd -------------- [root@ftp ~]# cat /etc/pam.d/vsftpd #%PAM-1.0 auth?????? required???? pam_krb5.so try_first_pass auth?????? required???? pam_shells.so account??? required???? pam_krb5.so try_first_pass session??? required???? pam_krb5.so try_first_pass session??? required???? pam_loginuid.so [root@ftp ~]# -------------- Output of klist command -------------- [root@ftp ~]# klist Ticket cache: FILE:/tmp/krb5cc_0 Default principal: test2@GOTEST....

...up) and then winbind would query the AD,but clearly this error states otherwise. # /etc/nsswitch.conf: passwd: compat winbind shadow: compat group: compat winbind # /etc/pam/sshd #%PAM-1.0 auth required pam_stack.so service=system-auth-winbind auth required pam_shells.so auth required pam_nologin.so account required pam_stack.so service=system-auth-winbind password required pam_stack.so service=system-auth-winbind session required pam_stack.so service=system-auth-winbind # /etc/pam/system-auth-winbind #%PAM-1.0 auth require...

...is to achieve what used to be ftpd -A. # auth required pam_listfile.so item=user sense=allow file=/etc/ftpchroot onerr=fail auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth sufficient /lib/security/pam_winbind.so auth required /lib/security/pam_shells.so account sufficient pam_winbind.so account required pam_unix2.so password required pam_pwcheck.so nullok password required pam_unix2.so nullok use_first_pass use_authtok session required pam_limits.so session required pam_unix2.so --- The logs show (I used a correct user and a...

...stem-remote-login session include system-remote-login cat /etc/pam.d/system-remote-login auth include system-login account include system-login password include system-login session include system-login cat /etc/pam.d/system-login auth required pam_tally.so onerr=succeed auth required pam_shells.so auth required pam_nologin.so auth include system-auth account required pam_access.so account required pam_nologin.so account include system-auth account required pam_tally.so onerr=succeed password include system-auth session required pam_env.so session optional pam_lastlog.so...

Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states: ################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles

Hi, the man page an docs of ssh client say "If command is specified, it is executed on the remote host instead of a login shell." But afaik this is not quite accurate. The login shell is always started. But if a command is specified it runs that command instead of just opening an interactive setting. So if a user has /dev/false as login shell, you cannot run a command on that host via

...d > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow nodelay auth required /lib/security/p...

Hi all, I was wondering if someone could lend a little assistance. I recently setup SAMBA/Winbind to allow users to login to a Redhat 8 box using their Windows NT Domain credentials. All is working well in that regard. The issue I am having is getting regular UNIX based users to be able to login. The following is my PAM configuration. For example, if I try to login as root, it does not work.

...d > -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed #this line was changed should be pam_pwdb auth sufficient /lib/security/pam_winbind.so shadow auth required /lib/security/pam_shells.so #this line was changed should be pam_pwdb account required /lib/security/pam_winbind.so session required /lib/security/pam_pwdb.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_winbind.so shadow nodelay auth required /lib/security/p...

On Tue, 2003-06-17 at 09:45, Nick Stephens wrote: > Greetings! > > I have grabbed the latest samba3 cvs source, and successfully compiled it, > got it talking to my NT server, joined the domain, etc.. life is good. > But, now I have a question kinda related to functionality, i believe... > > A quick synopsis of my goal is as follows: > > i currently have a sendmail

Hello, I setup samba2.2.2 with winbind. samba is a member of domain with security=domain. Now both work well. Since there is no user in /etc/passwd, and user information gets from PDC(a win2000 server). The question is: there is no /home/xxx directory too.(I don't want to make it manually). I can configure /etc/pam.d/login with : session required /lib/security/pam_mkhomedir. so when

I'm on a redhat 7.2 box, and I am trying to configure PAM to use winbind to authenticate against an NT4 PDC. I followed the instructions I found at: http://de.samba.org/samba/ftp/docs/htmldocs/Samba-HOWTO-Collection.html#WINBIND I compiled the 2.2.4 source and have tried several permutations of the setup they suggest, and have tried many solutions I've seen suggested on different

Thank for your answer: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed

Hello, I reeeeally need someone's help here. I guide after guide from all sorts of sources but I still cannot get samba to authenticate a domain login via winbind off of the windows 2003 DC on our network. Here is what I can do: I can successfully do a kinit command and can verify the existance on the samba server in active directory on the DC. I can login using domain profiles on the samba

...am.d: #%PAM-1.0 auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed debug auth required /lib/security/pam_securetty.so auth required /lib/security/pam_stack.so service=system-auth debug auth required /lib/security/pam_shells.so debug #auth required /lib/security/pam_smb.auth.so debug account required /lib/security/pam_stack.so service=system-auth debug session required /lib/security/pam_stack.so service=system-auth debug Any help is greatly appreciated. Thanks... Neil Lehouillier Northrock Res...