Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SOCKS proxy & PAM configuration exposure
Top Forums UNIX for Advanced & Expert Users SOCKS proxy & PAM configuration exposure Post 302987174 by Scrutinizer on Tuesday 6th of December 2016 01:21:21 PM
Old 12-06-2016
Hi Robin. Try putting
Code:
auth       required     pam_wheel.so use_uid group=SocksUsers

above:
Code:
auth       include      system-auth

Otherwise if
Code:
auth        sufficient    pam_winbind.so try_first_pass

succeeds, then no further modules will be called in the pam_stack..

Code:
       sufficient
           if such a module succeeds and no prior required module has failed the PAM framework returns success to the application or to the superior PAM stack immediately
           without calling any further modules in the stack. A failure of a sufficient module is ignored and processing of the PAM module stack continues unaffected.

https://www.unix.com/man-pages.php?qu...on=5&os=centos
Last edited by Scrutinizer; 12-06-2016 at 02:37 PM..
These 2 Users Gave Thanks to Scrutinizer For This Post:
jim mcnamara rbatte1
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Pam configuration

I have suse (SLES 9) machine,I would like to know how to creat a PAM configure file for ldap authentication and loading it using a "config" argument to pam_ldap.so Thanks for your help (0 Replies)
Discussion started by: hassan1
0 Replies

2. UNIX for Dummies Questions & Answers

reread pam configuration

Hi. i am on solaris. I have changed pam configuration. Do i need to let pam re-read its configuration again? If so, how can i do it? ps -ef | grep -i pam, returns no hits. Rgds (0 Replies)
Discussion started by: yls177
0 Replies

3. IP Networking

proxy DNS configuration

i have the DNS and the web proxy services running on one of my sun machines....the funny thing is clients use the proxy server by addressing it with its IP address only....what i need is to assign it like...proxy.amu.edu.et...... my guess is the problem is the configuration with the DNS ...but i... (2 Replies)
Discussion started by: henokia4j
2 Replies

4. Red Hat

PAM configuration: Kerberos authentication and NIS authorization problem

Hi, I've configured two linux boxes to authenticate against Windows Active Directory using Kerberos while retrieving authorization data (uids, gids ,,,)from NIS. The problem I ran into with my PAM configuration is that all authentication attempts succeed in order.i.e. if someone tried his... (0 Replies)
Discussion started by: geek.ksa
0 Replies

5. IP Networking

SQUID Proxy server configuration

Can any one direct me to the resources where I can find in-depth instructions on Squid Proxy server and its configuration? Thanks in advance.:) (1 Reply)
Discussion started by: admin_xor
1 Replies

6. UNIX for Advanced & Expert Users

Squid Dynamic Proxy Server Configuration

Hello all, I am trying to configure squid proxy server for different organizations. These organizations will have different blocked ports, different acls, etc. But, I can use only one proxy server for this purpose. Thinking of making a shell script with iptables and squid. For an example: a... (1 Reply)
Discussion started by: admin_xor
1 Replies

7. Shell Programming and Scripting

AIX pam ssh/sshd configuration not allowing sed or awk

This is a weird problem. Following is my code. /opt/quest/bin/vastool configure pam sshd /opt/quest/bin/vastool configure pam ssh cat /etc/pam.conf | \ awk '$1=="ssh"||$1=="sshd"||$1=="emagent"{sub("prohibit","aix",$NF);}1' OFS='\t' > /etc/pam.conf cat /etc/ssh/sshd_config | \ sed -e... (2 Replies)
Discussion started by: pjeedu2247
2 Replies

8. UNIX for Dummies Questions & Answers

Can't connect through ssh socks proxy to certain sites

Hello, i setup an open socks proxy on my remote vps: ssh -f -N -D 0.0.0.0:1080 localhost and then allowed only connections from IP of my home computer iptables -A INPUT --src myhomeip -p tcp --dport 1080 -j ACCEPT iptables -A INPUT -p tcp --dport 1080 -j REJECT but it appears that im... (3 Replies)
Discussion started by: postcd
3 Replies

9. Shell Programming and Scripting

Proxy socks tester issue

I have a list of ip socks / port(eg: 192.168.0.1 80). I would like to write a bash to test automatically these addresses in a loop with firefox. The problem is that firefox process stays alive even when firefox does not work because of wrong network settings. So I want to kill the process when the... (3 Replies)
Discussion started by: arpagon
3 Replies

LEARN ABOUT SUSE

pam_wheel

PAM_WHEEL(8)							 Linux-PAM Manual						      PAM_WHEEL(8)

NAME

       pam_wheel - Only permit root access to members of group wheel

SYNOPSIS

       pam_wheel.so [debug] [deny] [group=name] [root_only] [trust] [use_uid]

DESCRIPTION

       The pam_wheel PAM module is used to enforce the so-called wheel group. By default it permits root access to the system if the applicant
       user is a member of the wheel group. If no group with this name exist, the module is using the group with the group-ID 0.

OPTIONS

       debug
	   Print debug information.

       deny
	   Reverse the sense of the auth operation: if the user is trying to get UID 0 access and is a member of the wheel group (or the group of
	   the group option), deny access. Conversely, if the user is not in the group, return PAM_IGNORE (unless trust was also specified, in
	   which case we return PAM_SUCCESS).

       group=name
	   Instead of checking the wheel or GID 0 groups, use the name group to perform the authentication.

       root_only
	   The check for wheel membership is done only.

       trust
	   The pam_wheel module will return PAM_SUCCESS instead of PAM_IGNORE if the user is a member of the wheel group (thus with a little play
	   stacking the modules the wheel members may be able to su to root without being prompted for a passwd).

       use_uid
	   The check for wheel membership will be done against the current uid instead of the original one (useful when jumping with su from one
	   account to another for example).

MODULE TYPES PROVIDED

       The auth and account module types are provided.

RETURN VALUES

       PAM_AUTH_ERR
	   Authentication failure.

       PAM_BUF_ERR
	   Memory buffer error.

       PAM_IGNORE
	   The return value should be ignored by PAM dispatch.

       PAM_PERM_DENY
	   Permission denied.

       PAM_SERVICE_ERR
	   Cannot determine the user name.

       PAM_SUCCESS
	   Success.

       PAM_USER_UNKNOWN
	   User not known.

EXAMPLES

       The root account gains access by default (rootok), only wheel members can become root (wheel) but Unix authenticate non-root applicants.

	   su	   auth     sufficient	   pam_rootok.so
	   su	   auth     required	   pam_wheel.so
	   su	   auth     required	   pam_unix.so

SEE ALSO

       pam.conf(5), pam.d(5), pam(8)

AUTHOR

       pam_wheel was written by Cristian Gafton <gafton@redhat.com>.

Linux-PAM Manual						    04/01/2010							      PAM_WHEEL(8)
All times are GMT -4. The time now is 09:09 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy