Centralised Account Management Post: 302283141

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

Setting an account to be a non-login account automatically?

Is there a way to easily change an account to be a non login account (NP in the shadow) file? I know I can just edit the file but that is not what we want to do. We use access control software and want to provide a way to set an account to be non-login using simple commands that can be mapped...

2. UNIX for Dummies Questions & Answers

Change Account to not lock account if password expires

I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired. I need to request to the UNIX SA's that the password expiration is 90 days and that if it...

3. Solaris

User account management Sol10

Hi, Is all of the user account password security settings kept in the /etc/default/passwd file or is there some new control in Solaris 10 that defines these? I need to know the security settings for passwords in Solaris 10. Also is there any way to find out when accounts were created? ...

4. Linux

Apply disk quota to account(dedicate 3 GB to account).

Hi , I am faceing lot of problem due to "disk space is not enough". senerio is like as, In system has 5 account. a,b,c,d,e say account c if very critical. Due to other user's data, user 'c' is faceing disk space issue. I want to dedicate 3 GB for user 'c'. No user...

5. Red Hat

Authentication for USB Access from ldap server as centralised

HI All, Kindly help me to configure the ldap server which is used to authenticate my all cleints from usd access..I need to block all the usb access to the clients... RHEL5.4

6. How to Post in the The UNIX and Linux Forums

Simultaneously try to execute commands after connecting to remote account to one account

I have made password less connection to my remote account. and i tried to execute commands at a time. but i am unable to execute the commands. ssh $ACCOUNT_DETAILS@$HOST_DETAILS cd ~/JEE/*/logs/

7. Windows & DOS: Issues & Discussions

What happens to your skype account if you close outlook.com email account?

Hello, Does anyone know what happens to your skype account if you close the outlook.com email account which are linked together? As you know they are both owned by Microsoft. Thanks

8. What is on Your Mind?

Individual Risk Management (Personal IT Security) and Browser Cache Management

Original post from this thread on browser caching. To add to this, it is an effective security measure to clear absolutely all cached data (cookies, web content, ....) when closing the browser - i.e. in case of a shutdown. It takes a bit of work to re-login to all the sites but websites will not...

LEARN ABOUT X11R4

pam_sample

pam_sample(5)															     pam_sample(5)

NAME

       pam_sample - a sample PAM module

SYNOPSIS

       /usr/lib/security/pam_sample.so.1

       The  SAMPLE  service  module  for PAM is divided into four components: authentication, account management, password management, and session
       management. The sample module is a shared object that is dynamically loaded to provide the necessary functionality.

SAMPLE Authentication Component
       The SAMPLE authentication module provides functions to test the PAM framework functionality using the pam_sm_authenticate(3PAM)	call.  The
       SAMPLE  module  implementation  of  the	pam_sm_authenticate(3PAM) function compares the user entered password with the password set in the
       pam.conf(4) file, or the string "test" if a default test password has not been set. The following options can be passed in  to  the  SAMPLE
       Authentication module:

       debug		       Syslog debugging information at the LOG_DEBUG level.

       passwd=newone	       Sets the password to be "newone."

       first_pass_good	       The first password is always good when used with the use_first_pass or try_first_pass option.

       first_pass_bad	       The first password is always bad when used with the use_first_pass or try_first_pass option.

       always_fail	       Always returns PAM_AUTH_ERR.

       always_succeed	       Always returns PAM_SUCCESS.

       always_ignore	       Always returns PAM_IGNORE.

       use_first_pass	       Use  the  user's initial password (entered when the user is authenticated to the first authentication module in the
			       stack) to authenticate with the SAMPLE module. If the passwords do not match, or if this is the	first  authentica-
			       tion  module  in the stack, quit and do not prompt the user for a password. It is recommended that this option only
			       be used if the SAMPLE authentication module is designated as optional in the pam.conf configuration file.

       try_first_pass	       Use the user's initial password (entered when the user is authenticated to the first authentication module  in  the
			       stack)  to  authenticate with the SAMPLE module. If the passwords do not match, or if this is the first authentica-
			       tion module in the stack, prompt the user for a password.

			       The SAMPLE module pam_sm_setcred(3PAM) function always returns PAM_SUCCESS.

SAMPLE Account Management Component
       The SAMPLE Account Management Component implements a simple access control scheme that limits machine access to a list of authorized users.
       The  list  of  authorized  users  is supplied as option arguments to the entry for the SAMPLE account management PAM module in the pam.conf
       file. Note that the module always permits access to the root super user.

       The option field syntax to limit access is shown below: allow= name[,name] allow= name [allow=name]

       The example pam.conf show below permits only larry to login directly. rlogin is allowed only for don and larry. Once a user is  logged  in,
       the user can use su if the user are sam or eric.

       login	     account	   require	 pam_sample.so.1   allow=larry
       dtlogin	     account	   require	 pam_sample.so.1   allow=larry
       rlogin	     account	   require	 pam_sample.so.1   allow=don allow=larry
       su	     account	   require	 pam_sample.so.1   allow=sam,eric

       The debug and nowarn options are also supported.

SAMPLE Password Management Component
       The SAMPLE Password Management Component function ( pam_sm_chauthtok(3PAM)), always returns PAM_SUCCESS.

SAMPLE Session Management Component
       The SAMPLE Session Management Component functions ( pam_sm_open_session(3PAM), pam_sm_close_session(3PAM)) always return PAM_SUCCESS.

       See attributes(5) for description of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |MT Level		     |MT-Safe with exceptions	   |
       +-----------------------------+-----------------------------+

       pam(3PAM),  pam_sm_authenticate(3PAM), pam_sm_chauthtok(3PAM), pam_sm_close_session(3PAM), pam_sm_open_session(3PAM), pam_sm_setcred(3PAM),
       libpam(3LIB), pam.conf(4), attributes(5)

       This module should never be used outside of a closed debug environment. The examples of the use_first_pass and try_first_pass  options  are
       obsolete for all other Solaris delivered PAM service modules

       The interfaces in libpam() are MT-Safe only if each thread within the multi-threaded application uses its own PAM handle.

								    16 Aug 2005 						     pam_sample(5)