|
|
Sponsored Content
Operating Systems
Linux
Assigning Authorization to a user
Post 69448 by killerserv on Thursday 14th of April 2005 09:26:20 PM
04-14-2005
|
|
10 More Discussions You Might Find Interesting
1. OS X (Apple)
I am building an installable package (.pkg) with PackageMaker 1.1.11 (that's the one that comes with Panther).
The package is for installing things both to /Applications and to some folders in /Library (/Library/StartupItems and a new folder that I'm putting in /Library).
I do (obviously) not... (4 Replies)
Discussion started by: ropers
4 Replies
2. UNIX for Advanced & Expert Users
I have ssh setup on 2 boxes ( aix / linux ).
building a batchjob i have made a plaintext key.
I force the command in the authorized_keys file
running from aix -> linux
ssh -i ~/.ssh/batchkey user@remote works perfect
but from linux -> aix
it get the following
debug1:... (1 Reply)
Discussion started by: progressdll
1 Replies
3. Programming
Greetings,
I am writing a C socket application that needs NTLM authorization before it can post HTTP requests, and
I am having trouble with NTLM authorization messages.
:b: I've found the following urls extremely valuable for creating message functions:
Davenport WebDAV-SMB Gateway... (1 Reply)
Discussion started by: edvin
1 Replies
4. UNIX for Advanced & Expert Users
I see a lot of thread on LDAP Authentication but I want to enable LDAP Authentication with Authorization. Meaning, removing the user ID's and groups from the local servers and move them to an LDAP server. When a user logs in (via LDAP) they will be given their group memberships and access to the... (3 Replies)
Discussion started by: scottsl
3 Replies
5. Red Hat
Good day to anyone. I need your help.
I want to create a centralization server for authorization my users via SSH connections. My manager suggested me a RADIUS + PAM, but frankly speaking I read a lot information about these and understood one thing - RADIUS could work only with password... (0 Replies)
Discussion started by: jess_t03
0 Replies
6. BSD
Dear all,
I've got problems with X server authentication using `xauth'. The problem is, that I have my local computer running NetBSD 5.1 and a remote computer in LAN which is running Debian GNU Linux. During the login to my NetBSD computer `xdm' generates a magic cookie for my DISPLAY. Then I... (2 Replies)
Discussion started by: sidorenko
2 Replies
7. Red Hat
Hello,
I am working on setup LDAP Server and facing issue related to assigning user to a group. Below is the LDAP structure i am using.
I have created Users,Groups and Servers ou's and sub ou's added to the same or Users as well as Groups OU.
Logged in as: cn=Manager,dc=bebolabs,dc=net
... (0 Replies)
Discussion started by: sunnysthakur
0 Replies
8. UNIX for Advanced & Expert Users
The company I work for is trying to implement Sudoers.LDAP to centralize their sudoers infrastructure so the access management team and compliance teams don't have to run ragged over all of our servers. The AD team decided it would be better to set up a separate LDAP server rather than put a new... (1 Reply)
Discussion started by: Wolvendeer
1 Replies
9. Solaris
hello....am trying to install Oracle 11gR2 RAC on Solaris 11 using Oracle Virtualbox, am stucked somewhere when trying to assign disk to grid user......I created five disks of 5GB each for ASM, I formatted them successfully but when trying to assign them to grid user, there is no changes as still... (2 Replies)
Discussion started by: Magwai
2 Replies
10. Solaris
Hi
I need to assign proc_owner privilege to particular user through RBAC. How can I assign this privilege to user, I need help on this.
Further I need to understand if I give this proc_owner privilege to particular user, what kind of control user will get on other user or system processes... (7 Replies)
Discussion started by: sb200
7 Replies
LEARN ABOUT CENTOS
pam_ssh_agent_auth
pam_ssh_agent_auth(8) PAM pam_ssh_agent_auth(8) PAM_SSH_AGENT_AUTH This module provides authentication via ssh-agent. If an ssh-agent listening at SSH_AUTH_SOCK can successfully authenticate that it has the secret key for a public key in the specified file, authentication is granted, otherwise authentication fails. SUMMARY
/etc/pam.d/sudo: auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys /etc/sudoers: Defaults env_keep += "SSH_AUTH_SOCK" This configuration would permit anyone who has an SSH_AUTH_SOCK that manages the private key matching a public key in /etc/security/authorized_keys to execute sudo without having to enter a password. Note that the ssh-agent listening to SSH_AUTH_SOCK can either be local, or forwarded. Unlike NOPASSWD, this still requires an authentication, it's just that the authentication is provided by ssh-agent, and not password entry. ARGUMENTS
file=<path to authorized_keys> Specify the path to the authorized_keys file(s) you would like to use for authentication. Subject to tilde and % EXPANSIONS (below) allow_user_owned_authorized_keys_file A flag which enables authorized_keys files to be owned by the invoking user, instead of root. This flag is enabled automatically whenever the expansions %h or ~ are used. debug A flag which enables verbose logging sudo_service_name=<service name you compiled sudo to use> (when compiled with --enable-sudo-hack) Specify the service name to use to identify the service "sudo". When the PAM_SERVICE identifier matches this string, and if PAM_RUSER is not set, pam_ssh_agent_auth will attempt to identify the calling user from the environment variable SUDO_USER. This defaults to "sudo". EXPANSIONS
~ -- same as in shells, a user's Home directory Automatically enables allow_user_owned_authorized_keys_file if used in the context of ~/. If used as ~user/, it would expect the file to be owned by 'user', unless you explicitely set allow_user_owned_authorized_keys_file %h -- User's Home directory Automatically enables allow_user_owned_authorized_keys_file %H -- The short-hostname %u -- Username %f -- FQDN EXAMPLES
in /etc/pam.d/sudo "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" The default .ssh/authorized_keys file in a user's home-directory "auth sufficient pam_ssh_agent_auth.so file=%h/.ssh/authorized_keys" Same as above. "auth sufficient pam_ssh_agent_auth.so file=~fred/.ssh/authorized_keys" If the home-directory of user 'fred' was /home/fred, this would expand to /home/fred/.ssh/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by 'fred'. "auth sufficient pam_ssh_agent_auth.so file=/secure/%H/%u/authorized_keys allow_user_owned_authorized_keys_file" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar/fred/authorized_keys. In this case, we specified allow_user_owned_authorized_keys_file, so fred would be able to manage that authorized_keys file himself. "auth sufficient pam_ssh_agent_auth.so file=/secure/%f/%u/authorized_keys" On a host named foobar.baz.com, and a user named fred, would expand to /secure/foobar.baz.com/fred/authorized_keys. In this case, we have not specified allow_user_owned_authorized_keys_file, so this file must be owned by root. v0.8 2009-08-09 pam_ssh_agent_auth(8)