Operating Systems Solaris Enhanced Password Authentication Post 56950 by kduffin on Thursday 14th of October 2004 08:46:03 PM
Solaris depends on PAM modules to make the login process more robust. There are some free PAM modules that do what you are describing.

PAM_login_limit - locks an account after a number of incorrect login attempts.
PAM_remote_hosts - provides TCP wrappers style control, but at the PAM level, so we also have control on user/host/service.
PAM_login_times - provides control over login times for users. Configurable on a 15 minute interval.
PAM_chroot - allows any account to be chrooted.
PAM_history - allows password reuse to be controlled over multiple password changes.
PAM_null - diagnostic and tracing module.

You can find the module source and binaries at Computer Smiths

Now the cautionary note. Using PAM third-party modules can introduce additional risk to any system.

Cheers,

Keith Duffin
 

PAM.CONF(5)                 BSD File Formats Manual                PAM.CONF(5)

NAME
     pam.conf -- Pluggable Authentication Modules configuration file

DESCRIPTION
     The pam.conf file specifies how Pluggable Authentication Modules (PAM)
     should operate. For an overview of the Pluggable Authentication Modules
     framework, see pam(8).

     PAM may be configured using a single /etc/pam.conf configuration file or
     by using multiple configuration files, one for each PAM-aware service,
     located in the /etc/pam.d/ directory. If /etc/pam.d/ exists,
     /etc/pam.conf will be ignored. /etc/pam.d/ is the preferred method for
     configuring PAM.

     PAM's configuration is based on ``stacking'' different modules together
     to form a processing chain for the task. A standard PAM configuration
     stanza is structured as follows:

           [service-name] module-type control-flag module-name [options]

     service-name is used only (and is mandatory) in /etc/pam.conf. It
     specifies the PAM-aware service whose PAM behavior is being configured.
     When /etc/pam.d/ is used, the name of the configuration file specifies
     the service.

     module-type specifies which of the four classes of PAM module
     functionality is being configured. These four classes are account
     (account management), auth (authentication), password (password
     management), and session (session management).

     control-flag specifies the behavior of the processing chain upon success
     or failure of the PAM module's authentication task. The following are
     valid values for control-flag:

     binding     If the module succeeds and no earlier module in the chain
                 has failed, the chain is immediately terminated and the
                 request is granted. If the module fails, the rest of the
                 chain is executed, but the request is ultimately denied.

     requisite   If the module returns success, continue to execute the
                 processing chain. If the module fails, immediately return
                 the error code from the first 'required' failure.

     required    If the module returns success, continue to execute the
                 processing chain. If the module fails, record as a
                 'required' failure and continue to execute the processing
                 chain. If there are any 'required' failures in the
                 processing chain, the chain will ultimately return failure.

     optional    If the module returns success, continue to execute the
                 processing chain. If the module fails, record as an
                 'optional' failure and continue to execute the processing
                 chain.

     sufficient  If the module returns success and there have been no
                 recorded 'required' failures, immediately return success
                 without calling any subsequent modules in the processing
                 chain. If the module fails, return as an 'optional' failure
                 and continue to execute the processing chain.

     module-name specifies the module to execute for this stanza. This is
     either an absolute path name or a path name relative to the default
     module location: /usr/lib/security.

     options are additional options that may be specified for the module.
     Refer to the individual modules' documentation for more information on
     available options.

     In addition to the standard configuration stanza format, there is an
     additional stanza format available when /etc/pam.d/ is used:

           module-type include service-name

     This stanza format provides a simple inheritance model for processing
     chains.

FILES
     /etc/pam.conf   monolithic PAM configuration file
     /etc/pam.d/     PAM service configuration file directory

EXAMPLES
     The following auth processing chain for the ``login'' service (located
     in /etc/pam.d/login) performs the following tasks: allows the login if
     the old user and new user are the same, verifies that logins are not
     disabled using the /var/run/nologin file, allows Kerberos 5 password
     authentication, and requires standard UNIX password authentication if
     Kerberos 5 failed:

           auth  sufficient  pam_self.so
           auth  required    pam_nologin.so
           auth  sufficient  pam_krb5.so
           auth  required    pam_unix.so

NOTES
     It is important to note that loading a chain will fail if any of the
     components of the chain fail to load or are not available. A common
     situation when this can happen is on a system where components such as
     kerberos(1) or crypto(3) have not been installed. In that situation
     pam_krb5(8), pam_ksu(8), or pam_ssh(8) might not be present in the
     system. In order for a chain to load properly all non-present components
     must be removed from the chain.

SEE ALSO
     login(1), passwd(1), su(1), pam(3), pam(8)

HISTORY
     The pam.conf file format first appeared in NetBSD 3.0.

BSD                              March 17, 2005                            BSD
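
The control-flag rules from pam.conf(5) above, as an added example that is not part of the man page or the original post: a small Python simulator that applies them to the EXAMPLES login chain and to a constructed variant with pam_krb5.so moved above pam_nologin.so. The function names, and the rule that a chain ending without a 'required' failure is granted, are assumptions of this sketch; the include stanza is not handled.

```python
# Added example (not from pam.conf(5)); outcomes are caller-supplied, no modules load.
FLAGS = {"binding", "requisite", "required", "optional", "sufficient"}

def parse_chain(text):
    """Parse stanzas of the form: module-type control-flag module-name [options]."""
    chain = []
    for line in text.splitlines():
        if not line.strip():
            continue
        mtype, flag, module, *options = line.split()
        if flag not in FLAGS:
            raise ValueError(f"unsupported control-flag: {flag}")
        chain.append((mtype, flag, module, options))
    return chain

def run_chain(chain, outcome):
    """outcome maps module-name -> True/False; returns (granted, modules_called)."""
    required_failed = any_failed = False
    called = []
    for _mtype, flag, module, _options in chain:
        called.append(module)
        if outcome[module]:
            if flag == "binding" and not any_failed:   # page wording: no earlier failure
                return True, called
            if flag == "sufficient" and not required_failed:
                return True, called                    # later modules are skipped
            continue
        any_failed = True
        if flag == "requisite":
            return False, called                       # denied immediately
        if flag in ("required", "binding"):
            required_failed = True                     # keep going, deny at the end
    return not required_failed, called                 # assumption: no 'required' failure = granted

# The login chain from the EXAMPLES section.
LOGIN = """auth sufficient pam_self.so
auth required pam_nologin.so
auth sufficient pam_krb5.so
auth required pam_unix.so"""
# Constructed variant: pam_krb5.so moved above pam_nologin.so.
MISORDERED = """auth sufficient pam_krb5.so
auth required pam_nologin.so
auth required pam_unix.so"""

if __name__ == "__main__":
    nologin_set = {"pam_self.so": False, "pam_nologin.so": False,
                   "pam_krb5.so": True, "pam_unix.so": True}
    print(run_chain(parse_chain(LOGIN), nologin_set))
    print(run_chain(parse_chain(MISORDERED), nologin_set))
```

With logins disabled through /var/run/nologin and Kerberos succeeding, the original chain denies after calling all four modules, while the reordered chain grants after pam_krb5.so alone. A 'sufficient' module placed ahead of a 'required' check means that check never runs when the 'sufficient' module succeeds.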