|
|
Sponsored Content
Special Forums
UNIX and Linux Applications
Problems Hooking Sudoers into PAM/LDAP
Post 302470511 by vbe on Wednesday 10th of November 2010 09:54:58 AM
|
|
9 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
I have a linux machine which authenticate users to ldap, this is working fine. But I would like to limit users that logon to the machines to just the system admins.
The machines hosts different web sites which users accessed from there home directory like http://foo.mdx.ac.uk/~username
At the... (0 Replies)
Discussion started by: hassan1
0 Replies
2. UNIX for Advanced & Expert Users
Hallo miteinander,
ich bin gerade dabei ein eigenes C-Programm zuschreiben um mich über PAM auf einen LDAP Server zu authentifizieren.
... (2 Replies)
Discussion started by: saschaLin
2 Replies
3. Solaris
Hello gurus,
I've been working on a sudoers file to work with groups in LDAP. I've created the groups in LDAP and added the users to there respective groups. I've also setup my sudoers file to have the groups match what is in LDAP. And I've added ldap to nsswitch.conf in the group line. The... (6 Replies)
Discussion started by: em23
6 Replies
4. Solaris
Hi,
I´m trying to make Solaris authenticate users in AD. NTP is working, nsswitch.ldap is listed above, DNS is Ok and I made something different in pam.conf, krb5.conf and sshd_config (see above)
nsswitch.ldap:
passwd: files ldap
group: files ldap
hosts: files dns
ipnodes: ... (0 Replies)
Discussion started by: mpcavalcanti
0 Replies
5. Shell Programming and Scripting
Please I am having problem to login using Active Directory Services 2008 R2 accounts on a cubox ubuntu (2.6.32.9-dove-5.4.2 #46). "getent passwd" only shows local users, however I can querry ADS users using ldapsearch command.
I have 2 systems, one that does not use gdm can login with all users... (0 Replies)
Discussion started by: powelltallen
0 Replies
6. Cybersecurity
Please I am having problem to login using Windows 2008 R2 Active Directory Services accounts on a cubox ubuntu (2.6.32.9-dove-5.4.2 #46). "getent passwd" only shows local users, however I can querry ADS users using ldapsearch command.
I have 2 systems, one that does not use gdm can login with all... (1 Reply)
Discussion started by: powelltallen
1 Replies
7. UNIX and Linux Applications
Hello :)
we use LDAP with sudoers about 4 years. Works fine. But we have one problem with members of the admingroup (wheel). This users can do every command with sudo and with there privat password. But when they also are member to another special group, like sysadmin:
Sysadmin is allowed to... (0 Replies)
Discussion started by: darktux
0 Replies
8. OS X (Apple)
Hi Folks,
I've install 389 Directory Server on a Centos 7.0 server. Over the last two days I've been trying to connect a MacBook running 10.10.5 to the server as a client and I'm having only partial success.
I've "Joined" to my network Account Server, and set my LDAP Mappings to... (2 Replies)
Discussion started by: jlh
2 Replies
9. UNIX for Advanced & Expert Users
Hi,
I would like to configure samba with PEM (with LDAP). I've already found, on the server, configured the PAM Authentication(with LDAP) for ssh. I wanted to know if it was possible to configure PAM for to authenticate to another LDAP only for SAMBA.
Is possibile duplicate the... (2 Replies)
Discussion started by: mark888
2 Replies
LEARN ABOUT CENTOS
pam_ldap
pam_ldap(8) System Manager's Manual pam_ldap(8) NAME
pam_ldap - PAM module for LDAP-based authentication SYNOPSIS
pam_ldap.so [...] DESCRIPTION
This is a PAM module that uses an LDAP server to verify user access rights and credentials. OPTIONS
use_first_pass Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a pass- word. try_first_pass Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt the user for a password. nullok Specifying this option allows users to log in with a blank password. Normally logins without a password are denied. ignore_unknown_user Specifies that the PAM module should return PAM_IGNORE for users that are not present in the LDAP directory. This causes the PAM framework to ignore this module. ignore_authinfo_unavail Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server. This causes the PAM framework to ig- nore this module. no_warn Specifies that warning messages should not be propagated to the PAM application. use_authtok This causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for a new password (it is analogous to use_first_pass). debug This option causes the PAM module to log debugging information to syslog(3). minimum_uid=UID This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be used to bypass LDAP checks for system users (e.g. by setting it to 1000). MODULE SERVICES PROVIDED
All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon. FILES
/etc/pam.conf the main PAM configuration file /etc/nslcd.conf The configuration file for the nslcd daemon (see nslcd.conf(5)) SEE ALSO
pam.conf(5), nslcd(8), nslcd.conf(5) AUTHOR
This manual was written by Arthur de Jong <arthur@arthurdejong.org>. Version 0.8.13 May 2013 pam_ldap(8)