Displaying 20 results from an estimated 400 matches similar to: "Problem with using both pam_listfile to deny logins and pubkey authentication"
2005 Aug 02
0
where is "pam_listfile.so" for static userdb?
hi all,
i'm setting up Dovecot on OSX to use PAM authentication against a
flat_file/static userdb (tho i will _eventually_ mv to pgsql ...).
iiuc, to do so i need something like:
===================================
(EDITOR) /etc/pam.d/dovecot.imap
auth required pam_listfile.so item=user sense=allow file=/var/dovecot/imapusers onerr=fail
===================================
for a userdb
2004 May 14
0
winbind - pam_listfile.so for solaris
We use samba 2.2.9 with winbind. We use winbind for authentication.
I was able to selectively limit pop3 use among winbind users on redhat 9
with this pam configuration. (As you would use it in ftpusers, in the
reverse sense.)
auth required /lib/security/pam_listfile.so item=user onerr=fail sense=allow file=/etc/pop3users
This is the best solution for my situation, and I want to have that on my
2010 Dec 27
3
Dovecot - AllowGroups option
Hi,
I'm trying to control access to different services on a Debian server using /etc/group. So that a user I create for FTP usage doesn't fill up my server with IMAP folders or samba garbage.
Services like proftpd have:
"AllowGroup ftpgroup"
sshd have
"AllowGroups sshgroup"
And samba have
"valid users = @smbgroup"
But I can't find the correct
2013 May 29
1
Enable IMAP only for certain users/IP
Hi,
I'm trying to config dovecot to enable IMAP protocol only for certain
IPs and users.
The logical steps I've followed are:
1. If a user is trying to login from an IP that I've authorized (
listed in a file) the request is authorized.
2. If not, if the user is listed in a second file the request is
authorized.
3. If also this check fails the request is rejected.
I'm using PAM
2007 Dec 04
10
Using puppet to manage user access to servers.
I'm guessing this is a common use case, but I wasn't able to find
anything in the site FAQ. We're looking at using Puppet on about 100
servers to control which user groups have access to which servers.
The use case is as follows:
We have Groups of servers, for example:
CUSTOMERservers (serverA, serverB, ...,serverK)
ADMINISTRATIVEservers
2007 Jan 15
1
Winbind caching group membership issue
Hi All,
I am using samba-common-3.0.10-1.4E.9 on a RHEL4_U4 x86 machine. The
ADS server is WS03 sp1 running in Windows Server 2003 interim mode. In
general things are working well. However, when winbind caching is
enabled (default), group membership does not appear to update, i.e.
"wbinfo -r bob" and "groups bob" don't reflect changes in ADS group
membership.
2013 Aug 21
2
Auth error in log
Hi,
I have a setup with Dovecot handling a few virtual domains delivering
mails to both local Unix account mailboxes and separate mailboxes for
virtual users defined in a MySQL database. A quick overview of the
configuration shows two passdb definitions:
auth default {
mechanisms = plain login
passdb pam {
args = dovecot
}
passdb sql {
args = /etc/dovecot/dovecot-sql.conf
}
2004 Jun 06
2
Feature request?
I'd like to toss a feature request on the table for consideration. We
currently use a different popd because of a feature that allows us to
restrict pop access based upon an allowed users list. This is the only
thing that keeps us from using the popd in dovecot currently. It's a
simple text file of usernames that are allowed to use pop, if the name
isn't in that list then pop
2007 Jun 16
3
Per user based protocol access and pause after failed login?
Hello.
Tried search, no luck, sorry, if this is already answered, but I'm still
looking a solution using pam_auth how to define in dovecot which user
can access which protocol, for example, default is:
protocols = pop3 pop3s imap imaps
I'd like to use something like this:
exclude_using_pop = user1, user2, @group
exclude_using_pops = user1, user2, @group
exclude_using_imap = user1,
2014 Feb 12
1
Font issue in Debian Jesse after updates
Hi,
My primary work computer (on which I have no sudo privileges) is running
Debian jessie. For various reasons I need to compile R in my personal
directory rather than using the site-wide install.
On 2013-12-20 the sysadmin ran apt-get upgrade, and now any R that I
compile errors when I try to use X11 fonts:
> plot(1:10)
Error in axis(side = side, at = at, labels = labels, ...) :
2010 Aug 15
3
Master User Features I'd like to see
Here's what I'd like. Limited master users, where someone can be a
master user for some domains but not others. I think I could do what I
want with the right kinds of variable passing that doesn't yet exist.
Let me see if I can explain clearly.
From the example in the wiki:
auth_master_user_separator = *
passdb {
driver = sql
args = /etc/dovecot/dovecot-sql-master.conf.ext
2009 Feb 14
2
I want to contribute to the wiki
Hi, here I'm sending the information regarding to my contribution:
1) My UserName: LuisVivero
2) What I want to contribute: I have created a manual called "Cómo
Instalar CentOS Directory Server en CentOS 5" (that means "how to
install CentOS Directory Server on CentOS 5") , that contains all the
steps to install, configure and perform a basic test over the server.
3)
2015 May 29
1
Enabling Master User for migration
hello,
in which way do you login ?
loginuser*masteruser or just masteruser?
You have to do the login with loginuser*masteruser masterpass
greetings
dominik
On Friday, 29.05.2015, 10:14 -0400, Charles Marcus wrote:
> Apologies - maybe doveconf -n shows a hint at the problem?
>
> Maybe it has to do with I'm using the default_realm? But I've tried
> adding the user as
2009 Jul 10
1
vsftpd not able to log in
Hi folks,
I can't seem to log into my system via
vsftpd. All other services using PAM are fine...Am I missing something simple?
ftp> user
(username) user
331 Please specify the password.
Password:
530 Login incorrect.
# getenforce
Permissive
here is the event in /var/log/audit/audit.log:
type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0
2014 Oct 22
2
special "what's my ip" pop account
Hello,
I like to enable the allow_nets Feature
(http://wiki2.dovecot.org/PasswordDatabase/ExtraFields/AllowNets)
for my customers. To help them know their own IP I imagine a
special mailbox/loginuser at the pop3 server.
That user could give a valid pop3 answer from a dummy pop3 server or
simply throw a login error with customised answer containing the IP
information.
Has anybody done
2004 Jan 12
1
PAM_ERROR_MSG and PAM_TEXT_INFO from modules
Hi,
I have tested the current snapshot portable release (dated Jan 9
2004).
configuration has:
UsePAM yes
PasswordAuthentication no
ChallengeResponseAuthentication yes
UsePrivilegeSeparation yes
two problems:
first pam_motd does not work anymore.
second, I needed a quick way to disable normal user logins without
disabling admin accounts (members of group wheel). the best option i
could come
2011 Jun 17
2
Restricting logins using pam_winbind require_membership_of ?
Hi.
I have some shares on a server that are offered to specific Active Directory
user groups, but the business doesn't want those users to be able to login
to the server. If I were to add "require_membership_of" to pam_winbind to
limit logins and shut out the users I don't want, would it also have the
side effect of denying those users access to the shares as well?
Regards,
2004 Oct 18
1
disable password authentication per user
I would like disable password authentication in sshd for particular users,
without locking their UNIX password, and without requiring all users to
use PubkeyAuthentication. I cannot find a documented way to accomplish
this in OpenSSH. Is it currently possible?
If not, I think this would be a very useful feature to add. I believe
that each user should have some control of which authentication
2012 Jul 14
2
Only allow connections if file (or special condition) is present
Hello!
I was wondering if it possible now (or possible to implement something like
that in the future) that the daemon does only accept connections if a
specific file is present at the moment of the connection request.
I want to achieve that a connection to my server is only possible if I plug
in e.g. a USB stick (which would contain the file) and is always rejected
if that
2014 Nov 03
1
Restricting physical login access to specific nodes using PAM / NSS / SMB4 AD/DC
I am using SSSD to get user AUTH from a backend Samba4 AD/DC.
For Linux clients sssd.conf is configured to query Samba4 AD based on
LDAP/Kerberos i.e. the Linux clients have not done a Domain join.
Physical console logins -- things are working fine with changes to NSS
and PAM (tool authconfig) for domain User AUTH on Linux and Windows
clients.
However, I want to restrict access to certain