Questions tagged [pam]
Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.
762
questions
0
votes
1
answer
26
views
Proftpd error Unable to open config file: /etc/security/pam_env.conf
I'm getting this error in my syslog:
pam_env(proftpd:setcred): Unable to open config file: /etc/security/pam_env.conf: No such file or directory
pam_systemd(proftpd:session): Failed to connect to ...
- 111
0
votes
0
answers
21
views
Why is FreeIPA HBAC rule not enforced for sudo
Using FreeIPA on RHEL 9, I have both sudo rules configured and an HBAC rule. The HBAC rules are there to disable all access to certain accounts on some machines. I can test those with, e.g.:
ipa ...
- 152
0
votes
1
answer
94
views
google-autenticator openvpn not working pam?
Hy All.
I have been struggling with google-authenticator + pam..
Ubuntu 24.04
openvpn2.6.9-1ubuntu4 amd64.
server.conf
....
plugin /usr/lib/openvpn/openvpn-plugin-auth-pam.so "openvpn login ...
0
votes
0
answers
191
views
What is function of 'account required pam_faillock.so'?
I check pam configuration in /etc/pam.d/system-auth and /etc/pam.d/password-auth and I found line 'auth required pam_faillock.so'.
In some article that I read, if you want to set faillock you need ...
0
votes
1
answer
58
views
Is there a security issue or downside with using pam_succeed_if to enable automatic login?
Consider adding a line
auth succeed pam_succeed_if.so tty = /dev/ttyS0
to /etc/pam.d/login before @include common-auth. The desired effect would be password-less login via /dev/ttyS0 for root (but it ...
- 103
0
votes
0
answers
57
views
pam.d with MFA skips public-key authentication
I have a pam.d configuration with MFA authentication on a test server.
I noticed that the IP addresses that are in file access-without-MFA.conf mentioned,
can login without password and without ...
- 101
1
vote
0
answers
121
views
Domain user has different umask than expected
I have a network domain with multiple users managed by LDAP and Kerberos.
I'm managing the default umask via pam.d, in my /etc/pam.d/common-session with the line:
session optional pam_umask.so ...
- 111
0
votes
0
answers
60
views
pam_unix logs: xrdp-sesman:session session opened for user USERNAME(uid) by (uid=0)
recently I found a lot of these type of logs:
pam_unix(xrdp-sesman:session): session opened for user username(uid=some_uid) by (uid=0)
From what I read is xrdp-sesmam-session that is "opening&...
- 125
0
votes
0
answers
485
views
Disabling Password Login for Root User via PAM on Ubuntu Server
I have a Ubuntu Server (Ubuntu 22.04.3 LTS (GNU/Linux 5.15.0-1049-oracle aarch64) specfically), Where I am hosting a few projects, I am somewhat novice in the sysadmin space, but know some basics for ...
- 51
0
votes
2
answers
1k
views
Keycloak Integration with a Linux Server
I've set up a Keycloak server and I'm working on integrating it with a Linux server to allow users from Keycloak to authenticate into the Linux server using their Keycloak credentials.
Ideally, I'd ...
0
votes
1
answer
249
views
Postfix - SASL Cyrus saslauthd authentication failed
Goal: Configure smtpd to authenticate connections by using postfix, cyrus, saslauthd, pam and mysql.
Investigation
Authentication via courier-pop3 & courier-imap using mysql works
saslauthd ...
- 1
0
votes
0
answers
161
views
Unable to connect via SSH or access NFS exports
This one has me puzzled, I've got a home server (Debian Bookworm) and several Raspberry Pi machines, also all running Raspbian Bookworm. Just for illustrative purposes
ServerA Debian Bookworm
PI1, ...
0
votes
0
answers
191
views
Debian 12 Use Yubikey OR Password for sudo authentication
Using Debian12
Hi I want to know if I can use Yubikey OR Password for sudo authentication.
So basically if I do sudo date I want to immediately get a prompt for the password but at the same time be ...
- 131
0
votes
0
answers
48
views
Different results for NSS depending on where the user is logged in
When I call getpwuid it returns data from where NSS told it. In a PAM enabled system, we can authenticate a user logged in from console differently with a user logged in via ssh, but with NSS it is ...
- 117
0
votes
0
answers
177
views
Multiuser SMB Mount on Red Hat: Users Seeing Each Other's Folders Despite Separate cifscreds
We are attempting to mount a Windows file system on a Red Hat 9 machine. This Windows file system contains hundreds of accounts with finely tuned access rights.
We are trying to implement the ...
- 101