search for: pam_wheel

...el group # usermod -G wheel umarzuki *Yes, I can use/setup sudo but I do this just for learning purpose My /etc/pam.d/su as below auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include...

...0 auth sufficient /lib/security/pam_rootok.so auth sufficient /lib/security/pam_winbind.so auth sufficient /lib/security/pam_unix.so use_first_pass # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient /lib/security/pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required /lib/security/pam_wheel.so use_uid #auth required /lib/security/pam_smb_auth.so #auth required /lib/security/pam_stack.so service=system-auth account...

...this is related to PAM, so I've modifed /etc/pam.d/su and /etc/pam.d/login to use pam_limits.so: # cat /etc/pam.d/su #%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. #auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include...

.../lib/security/pam_rootok.so > auth sufficient /lib/security/pam_winbind.so > auth sufficient /lib/security/pam_unix.so use_first_pass > # Uncomment the following line to implicitly trust users in the "wheel" > group. > #auth sufficient /lib/security/pam_wheel.so trust use_uid > # Uncomment the following line to require a user to be in the "wheel" group. > #auth required /lib/security/pam_wheel.so use_uid > #auth required /lib/security/pam_smb_auth.so > #auth required /lib/security/pam_stack.so service=s...

Pam auth don't work when I add pam_group: gw# id test2 uid=10001(test2) gid=11111(adusers) groups=11111(adusers), 10000(group1), 10001(group2), 10002(test10) gw# getent passwd test2 test2:*:10001:11111:Our AD-Unix Test Account:/home/test2:/bin/sh gw# cat /etc/pam.d/dovecot auth required pam_group.so group=adusers auth required pam_krb5.so

...=== for a userdb listing in "/var/imapuser". all simple & good, except -- -- where's "pam_listfile.so" on OSX? % ls /usr/lib/pam/ pam_afpmount.so pam_nologin.so pam_securetty.so pam_uwtmp.so pam_deny.so pam_permit.so pam_securityserver.so pam_wheel.so pam_netinfo.so pam_rootok.so pam_unix.so do i have to grab-n-install it from somewhere? or are one of these ^ an 'equivalent' ... this _should_ be simple :-} thanks, richard

...ch is quite embarrassing if the account you try to su to has none (like the account for the fetchmail daemon, for instance). This all on a debian sarge, samba 3.0.14a, openldap 2.2.23.8. My /etc/pam.d/su is this: #%PAM-1.0 auth sufficient /lib/security/pam_ldap.so auth requisite pam_wheel.so group=wheel debug auth required /lib/security/pam_unix_auth.so use_first_pass account sufficient /lib/security/pam_ldap.so account required /lib/security/pam_unix_acct.so password required /lib/security/pam_ldap.so use_first_pass use_authtok session required /li...

Hello, I've read on several howtos that one way to make ssh more secure, or at least reduce the damage if somebody breaks in, is to NOT allow direct ssh login from root, but allow logins from another user. So you have to know two passwords in order to do any real damage. Does this make sense? IF yes, what is the right way to create an user only for this purpose, that is one that can only

....so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/security/suok auth required /lib/security/pam_wheel.so use uid auth required /lib/security/pam_pwdb.so shadow account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow use_authtok session required /lib/security/pam_pwdb.so session optional /lib/s...

....so session required pam_mkhomedir.so skel=/etc/samba/skel umask=0022 password required pam_unix.so -------------- next part -------------- #%PAM-1.0 auth required /lib/security/pam_listfile.so onerr=fail item=user sense=allow file=/etc/security/suok auth required /lib/security/pam_wheel.so use uid auth required /lib/security/pam_pwdb.so shadow account required /lib/security/pam_pwdb.so password required /lib/security/pam_cracklib.so password required /lib/security/pam_pwdb.so shadow use_authtok session required /lib/security/pam_pwdb.so session optional /lib/s...

Thank for your answer: But i dont know understand why is following not working: I want to restrict the ssh access for a special domain member: In my "sshd_config" i added: AllowGroups restrictaccess root With user2 im able to login via ssh! log: pam_krb5(sshd:auth): user user2 authenticated as user2 at ROOTRUDI.DE With user1 im not! log: User user1 from 192.168.0.100 not allowed

Hey gang, I seem to be having a brain disconnect on how to get the Augeas type to manage things that have multiple values (i.e. an Augeas tree) via Puppet. If I run this in augtool: augtool> set /files/etc/ssh/sshd_config/AllowGroups/1000 sshuser augtool> save I see this in /etc/ssh/sshd_config: AllowGroups sshuser However, if I try this in an Augeas type: augeas {

Howdy list, Sorry if this is a frequently discussed topic, or an off-topic question, but I couldn't find much info about my question by performing quick searches in the archives, and my question is pretty tightly related to security... Background: =========== I have a number of FreeBSD machines. Most are 4.x, but a few are 5.x (mainly the testing/devel machines). I also have a single Red