Top Forums UNIX for Advanced & Expert Users SOCKS proxy & PAM configuration exposure Post 302987174 by Scrutinizer on Tuesday 6th of December 2016 01:21:21 PM
Old 12-06-2016
Hi Robin. Try putting
Code:
auth       required     pam_wheel.so use_uid group=SocksUsers

above:
Code:
auth       include      system-auth

Otherwise if
Code:
auth        sufficient    pam_winbind.so try_first_pass

succeeds, then no further modules will be called in the pam_stack.

Code:
       sufficient
           if such a module succeeds and no prior required module has failed the PAM framework returns success to the application or to the superior PAM stack immediately
           without calling any further modules in the stack. A failure of a sufficient module is ignored and processing of the PAM module stack continues unaffected.

https://www.unix.com/man-pages.php?qu...on=5&os=centos

Last edited by Scrutinizer; 12-06-2016 at 02:37 PM..
PAM.CONF(5)                 BSD File Formats Manual                PAM.CONF(5)

NAME
     pam.conf -- Pluggable Authentication Modules configuration file

DESCRIPTION
     The pam.conf file specifies how Pluggable Authentication Modules (PAM)
     should operate. For an overview of the Pluggable Authentication Modules
     framework, see pam(8).

     PAM may be configured using a single /etc/pam.conf configuration file or
     by using multiple configuration files, one for each PAM-aware service,
     located in the /etc/pam.d/ directory. If /etc/pam.d/ exists,
     /etc/pam.conf will be ignored. /etc/pam.d/ is the preferred method for
     configuring PAM.

     PAM's configuration is based on ``stacking'' different modules together
     to form a processing chain for the task. A standard PAM configuration
     stanza is structured as follows:

           [service-name] module-type control-flag module-name [options]

     service-name is used only (and is mandatory) in /etc/pam.conf. It
     specifies the PAM-aware service whose PAM behavior is being configured.
     When /etc/pam.d/ is used, the name of the configuration file specifies
     the service.

     module-type specifies which of the four classes of PAM module
     functionality is being configured. These four classes are account
     (account management), auth (authentication), password (password
     management), and session (session management).

     control-flag specifies the behavior of the processing chain upon success
     or failure of the PAM module's authentication task. The following are
     valid values for control-flag:

     binding     If the module succeeds and no earlier module in the chain
                 has failed, the chain is immediately terminated and the
                 request is granted. If the module fails, the rest of the
                 chain is executed, but the request is ultimately denied.

     requisite   If the module returns success, continue to execute the
                 processing chain. If the module fails, immediately return
                 the error code from the first 'required' failure.

     required    If the module returns success, continue to execute the
                 processing chain. If the module fails, record as a
                 'required' failure and continue to execute the processing
                 chain. If there are any 'required' failures in the
                 processing chain, the chain will ultimately return failure.

     optional    If the module returns success, continue to execute the
                 processing chain. If the module fails, record as an
                 'optional' failure and continue to execute the processing
                 chain.

     sufficient  If the module returns success and there have been no
                 recorded 'required' failures, immediately return success
                 without calling any subsequent modules in the processing
                 chain. If the module fails, return as an 'optional' failure
                 and continue to execute the processing chain.

     module-name specifies the module to execute for this stanza. This is
     either an absolute path name or a path name relative to the default
     module location: /usr/lib/security.

     options are additional options that may be specified for the module.
     Refer to the individual modules' documentation for more information on
     available options.

     In addition to the standard configuration stanza format, there is an
     additional stanza format available when /etc/pam.d/ is used:

           module-type include service-name

     This stanza format provides a simple inheritance model for processing
     chains.

FILES
     /etc/pam.conf   monolithic PAM configuration file
     /etc/pam.d/     PAM service configuration file directory

EXAMPLES
     The following auth processing chain for the ``login'' service (located
     in /etc/pam.d/login) performs the following tasks: allows the login if
     the old user and new user are the same, verifies that logins are not
     disabled using the /var/run/nologin file, allows Kerberos 5 password
     authentication, and requires standard UNIX password authentication if
     Kerberos 5 failed:

           auth sufficient pam_self.so
           auth required   pam_nologin.so
           auth sufficient pam_krb5.so
           auth required   pam_unix.so

NOTES
     It is important to note that loading a chain will fail if any of the
     components of the chain fail to load or are not available. A common
     situation when this can happen is on a system where components such as
     kerberos(1) or crypto(3) have not been installed. In that situation
     pam_krb5(8), pam_ksu(8), or pam_ssh(8) might not be present in the
     system. In order for a chain to load properly all non-present
     components must be removed from the chain.

SEE ALSO
     login(1), passwd(1), su(1), pam(3), pam(8)

HISTORY
     The pam.conf file format first appeared in NetBSD 3.0.

BSD                              March 17, 2005                            BSD
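
The ordering effect described in the post, and the control-flag rules in the pam.conf(5) text above, as an added example that is not part of the original thread or of PAM itself: a simplified Python model of auth-stack evaluation. The contents of system-auth beyond the quoted pam_winbind.so line, the closing pam_deny.so line, and the module results are constructed assumptions; include is modelled as inlining, and binding is not modelled.

```python
# Simplified model of PAM auth-stack evaluation (added example, not PAM code).
# Models only the required, requisite, sufficient and optional control flags.

# Constructed stand-in for system-auth: only the pam_winbind.so line is quoted
# in the post; the closing pam_deny.so line is an assumption.
FILES = {"system-auth": [("sufficient", "pam_winbind.so"),
                         ("required", "pam_deny.so")]}
WHEEL = ("required", "pam_wheel.so")   # group=SocksUsers check from the post
INCLUDE = ("include", "system-auth")

def flatten(stack, files):
    """Inline 'include' lines so the included modules join the same chain."""
    for control, name in stack:
        if control == "include":
            yield from flatten(files[name], files)
        else:
            yield control, name

def evaluate(stack, results, files=FILES):
    """Return (granted, modules_called); results maps module name -> bool."""
    required_failed = False
    called = []
    for control, module in flatten(stack, files):
        called.append(module)
        if results[module]:
            # sufficient success ends the chain unless a required module failed
            if control == "sufficient" and not required_failed:
                return True, called
        elif control == "requisite":
            return False, called          # fail immediately
        elif control == "required":
            required_failed = True        # recorded, chain keeps running
        # failed sufficient/optional modules are ignored
    return not required_failed, called

# Constructed case: valid winbind password, user NOT in SocksUsers.
OUTSIDER = {"pam_wheel.so": False, "pam_winbind.so": True, "pam_deny.so": False}

if __name__ == "__main__":
    for label, stack in (("wheel below include", [INCLUDE, WHEEL]),
                         ("wheel above include", [WHEEL, INCLUDE])):
        granted, called = evaluate(stack, OUTSIDER)
        print(f"{label}: granted={granted}, called={called}")
```

With the group check below the include it never runs for a user whose winbind password is valid; placed above, its recorded required failure stops pam_winbind.so from ending the chain with success.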