SOCKS proxy & PAM configuration exposure Post: 302986804

Sponsored Content

Top Forums UNIX for Advanced & Expert Users SOCKS proxy & PAM configuration exposure Post 302986804 by rbatte1 on Wednesday 30th of November 2016 09:19:00 AM

11-30-2016

Moderator

The content of /etc/pam.d/system-auth is below:-

Code:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_winbind.so try_first_pass
auth        required      pam_deny.so

account     required      pam_unix.so broken_shadow
account     required      pam_access.so
account     sufficient    pam_localuser.so
account     sufficient    pam_succeed_if.so uid < 500 quiet
account     [default=bad success=ok user_unknown=ignore] pam_winbind.so
account     required      pam_permit.so

password    requisite     pam_cracklib.so try_first_pass retry=3
password    sufficient    pam_unix.so md5 shadow nullok try_first_pass use_authtok
password    sufficient    pam_winbind.so use_authtok
password    required      pam_deny.so

session     required      pam_mkhomedir.so skel=/etc/skel/ umask=0022
session     optional      pam_keyinit.so revoke
session     required      pam_limits.so
session     [success=1 default=ignore] pam_succeed_if.so service in crond quiet use_uid
session     required      pam_unix.so

Have we done something really bad? Well, I suppose it's bad enough to allow anyone with a valid account Smilie

I know it's designed to be flexible and allow applications to abstract the authentication/authorisation etc. , but it is very confusing!

Apologies,
Robin

rbatte1

View Public Profile for rbatte1

Visit rbatte1's homepage!

Find all posts by rbatte1

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Pam configuration

I have suse (SLES 9) machine,I would like to know how to creat a PAM configure file for ldap authentication and loading it using a "config" argument to pam_ldap.so Thanks for your help

2. UNIX for Dummies Questions & Answers

reread pam configuration

Hi. i am on solaris. I have changed pam configuration. Do i need to let pam re-read its configuration again? If so, how can i do it? ps -ef | grep -i pam, returns no hits. Rgds

3. IP Networking

i have the DNS and the web proxy services running on one of my sun machines....the funny thing is clients use the proxy server by addressing it with its IP address only....what i need is to assign it like...proxy.amu.edu.et...... my guess is the problem is the configuration with the DNS ...but i...

4. Red Hat

PAM configuration: Kerberos authentication and NIS authorization problem

Hi, I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS. The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his...

5. IP Networking

SQUID Proxy server configuration

Can any one direct me to the resources where I can find in-depth instructions on Squid Proxy server and its configuration? Thanks in advance.:)

6. UNIX for Advanced & Expert Users

Squid Dynamic Proxy Server Configuration

Hello all, I am trying to configure squid proxy server for different organizations. These organizations will have different blocked ports, different acls, etc. But, I can use only one proxy server for this purpose. Thinking of making a shell script with iptables and squid. For an example: a...

7. Shell Programming and Scripting

AIX pam ssh/sshd configuration not allowing sed or awk

This is a weird problem. Following is my code. /opt/quest/bin/vastool configure pam sshd /opt/quest/bin/vastool configure pam ssh cat /etc/pam.conf | \ awk '$1=="ssh"||$1=="sshd"||$1=="emagent"{sub("prohibit","aix",$NF);}1' OFS='\t' > /etc/pam.conf cat /etc/ssh/sshd_config | \ sed -e...

8. UNIX for Dummies Questions & Answers

Can't connect through ssh socks proxy to certain sites

Hello, i setup an open socks proxy on my remote vps: ssh -f -N -D 0.0.0.0:1080 localhost and then allowed only connections from IP of my home computer iptables -A INPUT --src myhomeip -p tcp --dport 1080 -j ACCEPT iptables -A INPUT -p tcp --dport 1080 -j REJECT but it appears that im...

9. Shell Programming and Scripting

Proxy socks tester issue

I have a list of ip socks / port(eg: 192.168.0.1 80). I would like to write a bash to test automatically these addresses in a loop with firefox. The problem is that firefox process stays alive even when firefox does not work because of wrong network settings. So I want to kill the process when the...

LEARN ABOUT DEBIAN

pam_mkhomedir

PAM_MKHOMEDIR(8)						 Linux-PAM Manual						  PAM_MKHOMEDIR(8)

NAME

       pam_mkhomedir - PAM module to create users home directory

SYNOPSIS

       pam_mkhomedir.so [silent] [umask=mode] [skel=skeldir]

DESCRIPTION

       The pam_mkhomedir PAM module will create a users home directory if it does not exist when the session begins. This allows users to be
       present in central database (such as NIS, kerberos or LDAP) without using a distributed file system or pre-creating a large number of
       directories. The skeleton directory (usually /etc/skel/) is used to copy default files and also sets a umask for the creation.

       The new users home directory will not be removed after logout of the user.

OPTIONS

       silent
	   Don't print informative messages.

       umask=mask
	   The user file-creation mask is set to mask. The default value of mask is 0022.

       skel=/path/to/skel/directory
	   Indicate an alternative skel directory to override the default /etc/skel.

MODULE TYPES PROVIDED

       Only the session module type is provided.

RETURN VALUES

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_CRED_INSUFFICIENT
	   Insufficient credentials to access authentication data.

       PAM_PERM_DENIED
	   Not enough permissions to create the new directory or read the skel directory.

       PAM_USER_UNKNOWN
	   User not known to the underlying authentication module.

       PAM_SUCCESS
	   Environment variables were set.

FILES

       /etc/skel
	   Default skel directory

EXAMPLES

       A sample /etc/pam.d/login file:

	     auth	requisite   pam_securetty.so
	     auth	sufficient  pam_ldap.so
	     auth	required    pam_unix.so
	     auth	required    pam_nologin.so
	     account	sufficient  pam_ldap.so
	     account	required    pam_unix.so
	     password	required    pam_unix.so
	     session	required    pam_mkhomedir.so skel=/etc/skel/ umask=0022
	     session	required    pam_unix.so
	     session	optional    pam_lastlog.so
	     session	optional    pam_mail.so standard

SEE ALSO

       pam.d(5), pam(7).

AUTHOR

       pam_mkhomedir was written by Jason Gunthorpe <jgg@debian.org>.

Linux-PAM Manual						    06/04/2011							  PAM_MKHOMEDIR(8)