How are you connected to Active Directory? Are you using sssd auth? If so, you can use a value in /etc/sssd/sssd.conf:
If you are using nscd/nslcd which use a more traditional ldap method, there's an option somewhere for your ldap search string. You can write a query that matches just the groups or users you want to allow.
Last edited by bgstack15; 10-05-2018 at 10:20 AM..
Reason: fix tags
how can i find my own ip address from unix. command like who -x .this would provide all the ip address but i need to list only current user ip address. who am i command does not display the ip. (1 Reply)
how can i find my own ip address from unix. command like who -x .this would provide all the ip address but i need to list only current user ip address. who am i command does not display the ip. (9 Replies)
Hi,
I'm brand new here and looking for a solution:
I'm using mail or mailx. The default reply address is «myshortusername@mylongusername.local» which makes absolutely no sense for anybody receiving my emails.
But how do I change it? There seem to be many solutions but none for Mac OS X.... (0 Replies)
Besides doing some shell-script which loops through /etc/passwd, I was wondering if there was some command that would tell me, like an enhanced version of getent.
The Operating system is Solaris 10 (recent-ish revision) using Sun DS for LDAP. (5 Replies)
Hi Gurus,
I have a script that requires me to switch from local user to root. Anyone who has an idea on this since when i switch user to root it requires me to input root password.
It seems that i need to use expect module here, but i don't know how to create the object for this.
... (1 Reply)
Here is the log im pasting for verbose ssh:
-bash-2.05b$ ssh -v qa_fnp@10.41.11.23
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will... (5 Replies)
Hi
We have these specific requirements for a bunch of servers we have and cannot seem to get pam to behave in this way. We would like:
PAM locks accounts if pam tally reaches 10.
PAM unlocks the account after 30mins from locking it, and resets the pam_tally.
The key is that we don't... (0 Replies)
Hi,
I need to switch from local user to root user in a shell script.
I need to make it automated so that it doesn't prompt for the root password.
I heard the su command will do that work but it prompt for the password.
and also can someone tell me whether su command spawns a new shell or... (1 Reply)
Discussion started by: Little
1 Replies
LEARN ABOUT CENTOS
sss_obfuscate
SSS_OBFUSCATE(8) SSSD Manual pages SSS_OBFUSCATE(8)NAME
sss_obfuscate - obfuscate a clear text password
SYNOPSIS
sss_obfuscate [options] [PASSWORD]
DESCRIPTION
sss_obfuscate converts a given password into human-unreadable format and places it into appropriate domain section of the SSSD config file.
The cleartext password is read from standard input or entered interactively. The obfuscated password is put into "ldap_default_authtok"
parameter of a given SSSD domain and the "ldap_default_authtok_type" parameter is set to "obfuscated_password". Refer to sssd-ldap(5) for
more details on these parameters.
Please note that obfuscating the password provides no real security benefit as it is still possible for an attacker to reverse-engineer the
password back. Using better authentication mechanisms such as client side certificates or GSSAPI is strongly advised.
OPTIONS -h,--help
Display help message and exit.
-s,--stdin
The password to obfuscate will be read from standard input.
-d,--domain DOMAIN
The SSSD domain to use the password in. The default name is "default".
-f,--file FILE
Read the config file specified by the positional parameter.
Default: /etc/sssd/sssd.conf
SEE ALSO sssd(8), sssd.conf(5), sssd-ldap(5), sssd-krb5(5), sssd-simple(5), sssd-ipa(5), sssd-ad(5), sssd-sudo(5),sss_cache(8), sss_debuglevel(8),
sss_groupadd(8), sss_groupdel(8), sss_groupshow(8), sss_groupmod(8), sss_useradd(8), sss_userdel(8), sss_usermod(8), sss_obfuscate(8),
sss_seed(8), sssd_krb5_locator_plugin(8), sss_ssh_authorizedkeys(8), sss_ssh_knownhostsproxy(8),pam_sss(8).
AUTHORS
The SSSD upstream - http://fedorahosted.org/sssd
SSSD 06/17/2014 SSS_OBFUSCATE(8)