12-14-2015
There are many ways. Perhaps the best way, if not correct way is to use PAM. Most distro provided services are PAM enabled, and you can certainly create your own PAM enabled services as well.
With PAM you effectively stack these types of requirements.
Linux has probably the most robust selection of PAM modules available. But PAM started with Solaris. And PAM is available on HP-UX and AIX as well.
This User Gave Thanks to cjcox For This Post:
9 More Discussions You Might Find Interesting
1. Windows & DOS: Issues & Discussions
I am not an expert in Unix at all. My knowledge of Unix is average. We have a couple of Unix servers, Solaris and Linux, which run mostly web servers, and Oracle databases. Currently users have multiple user IDs for Unix and AD applications. Is it possible to make use of the Windows Active... (2 Replies)
Discussion started by: speriya
2 Replies
2. Shell Programming and Scripting
Is there a command or better combination of cmds that will give me the list of Unix users in a particular Unix group whether their primary group is that group in question (information stored in /etc/passwd) or they are in a secondary group (information stored in /etc/group).
So far all I got... (5 Replies)
Discussion started by: ckmehta
5 Replies
3. Solaris
I am using solaris unix 8.2 version. I want to bypass password authentication for sftp. Can you please give some ideas on this. thanks.Regards. (4 Replies)
Discussion started by: vijill
4 Replies
4. Web Development
My .NET website invokes a perl script to perform GIT operations on Gerrit server running UBuntu. In the perl script I connect using passwordless authentication to Gerrit server as below:
system ( "ssh gitadmin@gerritserver.com 'cd /xyz && git clone xxx' ");
I verified that ssh authentication... (3 Replies)
Discussion started by: tkota
3 Replies
5. AIX
We are looking at using Tivoli Directory Server (LDAP) or Active Directory 2003 for authentication. I wanted to get some feedback from the community. Our goal is to do it the simplest, easiest, and cheapest way that allows for centralized user authentication. We are mainly an AIX environment with... (3 Replies)
Discussion started by: x96riley3
3 Replies
6. UNIX and Linux Applications
Hi,
We are looking for UNIX and Linux authentication middleware/tools which can replace our existing RSA SecurID - Two-Factor Authentication. Any suggestions or recommendations.
Thanks,
Gabar (2 Replies)
Discussion started by: Gabar Singh
2 Replies
7. UNIX for Dummies Questions & Answers
Hi,
I was wondering if someone may be able to help me with finding out the different *nix logon types.
The different logon types for a Successful Logon event type in Windows (4624) is well documented both on the M$ site and also on many tech related sites, listing the different logon types... (6 Replies)
Discussion started by: urhero
6 Replies
8. Cybersecurity
Hello,
We have mid level infrastructure of all on-premises servers. All windows servers are getting authenticated by Microsoft Active Directory Services, half Unix (Solaris+Linux) servers are getting authentication by NIS and other half by LDAP.
We have plans to migrate from NIS to LDAP, so... (2 Replies)
Discussion started by: solaris_1977
2 Replies
9. Cybersecurity
The UNIX/Linux server security is challenging because these servers are at a risk of getting compromised at any point of time by the attackers. In today's enterprise environment, the UNIX and Linux servers are growing popular. With their increased popularity, these servers have become the primary... (1 Reply)
Discussion started by: reve-secure
1 Replies
LEARN ABOUT MINIX
pam_ldap
pam_ldap(8) System Manager's Manual pam_ldap(8)
NAME
pam_ldap - PAM module for LDAP-based authentication
SYNOPSIS
pam_ldap.so [...]
DESCRIPTION
This is a PAM module that uses an LDAP server to verify user access rights and credentials.
OPTIONS
use_first_pass
Specifies that the PAM module should use the first password provided in the authentication stack and not prompt the user for a pass-
word.
try_first_pass
Specifies that the PAM module should use the first password provided in the authentication stack and if that fails prompt the user
for a password.
nullok Specifying this option allows users to log in with a blank password. Normally logins without a password are denied.
ignore_unknown_user
Specifies that the PAM module should return PAM_IGNORE for users that are not present in the LDAP directory. This causes the PAM
framework to ignore this module.
ignore_authinfo_unavail
Specifies that the PAM module should return PAM_IGNORE if it cannot contact the LDAP server. This causes the PAM framework to ig-
nore this module.
no_warn
Specifies that warning messages should not be propagated to the PAM application.
use_authtok
This causes the PAM module to use the earlier provided password when changing the password. The module will not prompt the user for
a new password (it is analogous to use_first_pass).
debug This option causes the PAM module to log debugging information to syslog(3).
minimum_uid=UID
This option causes the PAM module to ignore the user if the user id is lower than the specified value. This can be used to bypass
LDAP checks for system users (e.g. by setting it to 1000).
MODULE SERVICES PROVIDED
All services are provided by this module but currently sessions changes are not implemented in the nslcd daemon.
FILES
/etc/pam.conf
the main PAM configuration file
/etc/nslcd.conf
The configuration file for the nslcd daemon (see nslcd.conf(5))
SEE ALSO
pam.conf(5), nslcd(8), nslcd.conf(5)
AUTHOR
This manual was written by Arthur de Jong <arthur@arthurdejong.org>.
Version 0.8.10 Jun 2012 pam_ldap(8)