search for: pam_succeed_if

**Unmatched Entries** gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user 9 gdm[5342]: pam_succeed_if(gdm:auth): error retrieving information about user gdm[5342]:...

...op3 pop3_client_workarounds: outlook-no-nuls oe-ns-eoh auth default: passdb: driver: pam userdb: driver: passwd It seems that my mail server is being attacked by someone who tries to retrieve users' credentials. Please read below an output of logwatch. dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user sandra dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tanya dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user tanya dovecot-auth: pam_succeed_if(dovecot:auth): erro...

Hi, The default system-auth file for PAM on CentOS has the following auth section: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so What's the use of the pam_succeed_if line? It will only be reached if the pam_unix doesn't succeed and from my understanding it will prevent system accounts from logging in. Is it useless or am I missing something? Thanks, Danie...

.../skel/ umask=0077 /etc/pam.d/system-auth: ----------------------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 200 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so auth required pam_env.so auth optional pam_gnome_keyring.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so u...

...; > > My /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 200 quiet_success > auth sufficient pam_sss.so use_first_pass > auth required pam_deny.so > > account required pam_unix.so broken_shadow > account sufficient pam_succeed_if.so uid < 2000 quiet > account [default=bad succes...

...which is quite different than Debian's "include" based pam.d, cat /etc/pam.d/sshd # ---------------------------------------------------------------------- #%PAM-1.0 auth required pam_stack.so service=system-auth auth required pam_nologin.so account sufficient pam_succeed_if.so user ingroup sshlogin account sufficient pam_succeed_if.so user ingroup wheel password required pam_stack.so service=system-auth session required pam_stack.so service=system-auth session required pam_loginuid.so session sufficient pam_mkhomedir.so skel=/etc/skel uma...

>From my secure log: Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:44 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Sep 19 01:16:44 lin12 dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information about user aaron Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): check pass; user unknown Sep 19 01:16:45 lin12 dovecot-auth: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot ruser= rhost=::ffff:64.31.19.48 Se...

On 05/09/2015 01:24 PM, Jonathan Billings wrote: > Is it normal to have pam_unix and pam_sss twice for each each section? No. See my previous message. I think it's the result of copying portions of SuSE configurations.

...lt;key>] [<service name>] ? #args = dovecot } userdb { ? # <doc/wiki/AuthDatabase.Passwd.txt> ? driver = passwd ? # [blocking=no] ? #args = ? # Override fields from passwd ? #override_fields = home=/home/virtual/%u } ...in PAM file: auth??? [success=1 default=ignore]????? pam_succeed_if.so user ingroup mailreader auth??? [success=ignore default=2]????? pam_succeed_if.so user ingroup admins auth??? [success=ignore default=1]????? pam_succeed_if.so uid >= 1000 auth??? [success=3 default=ignore]????? pam_winbind.so krb5_auth krb5_ccache_type=FILE cached_login auth??? [success...

...em-auth and password-auth to lock the user account for 30 minutes after 3 failed login attempts. ############system-auth############### auth required pam_tally2.so deny=3 unlock_time=1800 auth required pam_env.so auth sufficient pam_unix.so auth requisite pam_succeed_if.so uid >= 500 quiet auth required pam_deny.so account required pam_unix.so account required pam_tally2.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so password...

...helps: [root at happytobehere samba]# cat /etc/pam.d/password-auth-ac #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_succeed_if.so user ingroup adm_it_sops_lessadmins_mod auth sufficient pam_succeed_if.so user ingroup "domain admins" auth sufficient pam_krb5.so use_first_pass auth sufficient pam_winbind.so use_first_pass...

Hi Rowland, This is a CentOS 6.7 server. I was able to make some progress. I have edited /etc/pam.d/system-auth, and now it looks like: auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_ldap.so use_first_pass auth required pam_deny.so account required pam_unix.so account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad success=ok user...

...ar entry in the RHEL 6.1 /etc/pam.d/password-auth-ac file, and although I''ve come up with a way that "works", it''s fragile. I''m hoping someone can suggest a better way. First, the line in question in /etc/pam.d/password-auth-ac is auth requisite pam_succeed_if.so uid >= 500 quiet It''s the third line in the "auth" section of that file. The problem is that we have a few old-timers that have uids in the range 101-499, and this line causes them problems on login via things like sshd. In the past we would have scripted something in pe...

Hi all, I am a bit confused about the usage of pam_mount. Here is my /etc/pam.d/system-auth: auth required pam_env.so auth required pam_mount.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 500 quiet auth sufficient pam_krb5.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 500 quiet account [default=bad s...

...t [nss] [pam] [sudo] [autofs] [ssh] My /etc/pam.d/system-auth #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 200 quiet_success auth sufficient pam_sss.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_succeed_if.so uid < 2000 quiet account [default=bad success=ok user_unknown=ignore] pam_...

For those of you using Dovecot on Fedora, the noisy syslog is fixed: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=124979 I'd suggest getting the pam SRPM from Rawhide (Fedora development tree) and rebuilding, to minimize dependency issues. (I haven't tried this yet. I'm just forwarding the bug-closing report.)

...file is included from other service-specific PAM config files, # and should contain a list of the authorization modules that define # the central access policy for use on the system. The default is to # only deny service to users whose accounts are expired in /etc/shadow. # account sufficient pam_succeed_if.so debug user ingroup wheel account sufficient pam_succeed_if.so debug user ingroup Technology # # /etc/pam.d/common-auth - authentication settings common to all services # # This file is included from other service-specific PAM config files, # and should contain a list of the authentication...

...ibrary Trouble is ai still cannot ssh in to this box and authenticate with AD creds. Here's the error in the auth.log Nov 3 15:49:18 hat sshd[14389]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.1.10.229 user=ttt Nov 3 15:49:18 hat sshd[14389]: pam_succeed_if(sshd:auth): incomplete condition detected Nov 3 15:49:19 hat sshd[14389]: Failed password for ttt from 10.1.10.229 port 59317 ssh2 Nov 3 15:49:46 hat sshd[14389]: pam_succeed_if(sshd:auth): incomplete condition detected Nov 3 15:49:48 hat sshd[14389]: Failed password for ttt from 10.1.10.229 por...

...; > > My /etc/pam.d/system-auth > #%PAM-1.0 > # This file is auto-generated. > # User changes will be destroyed the next time authconfig is run. > auth required pam_env.so > auth sufficient pam_unix.so nullok try_first_pass > auth requisite pam_succeed_if.so uid >= 200 quiet_success > auth sufficient pam_sss.so use_first_pass > auth required pam_deny.so > > account required pam_unix.so broken_shadow > account sufficient pam_succeed_if.so uid < 2000 quiet > account [default=bad succes...

...--------------------------------------------------- password-auth-ac #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run. auth required pam_env.so auth sufficient pam_unix.so nullok try_first_pass auth requisite pam_succeed_if.so uid >= 1000 quiet_success auth sufficient pam_winbind.so use_first_pass auth required pam_deny.so account required pam_unix.so broken_shadow account sufficient pam_localuser.so account sufficient pam_succeed_if.so uid < 1000 quiet account [...