Linux security: Authenticate your users and know what they're up to

Linux security: Authenticate your users and know what they're up to - Search Enterpri

5 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Windows AD users authenticate to Linux

Hello folks, Please advise me what is the best way to authenticate Windows AD users against Linux machines. Currently I am going to take a look of Vintela Authentication Services and please let me know if you have experience with VIntela. Thanks in advance

2. AIX

AIX LDAP client authenticate against Linux Openldap server over TLS/SSL

Hi folks, How can i configure an AIX LDAP client to authenticate against an Linux Openldap server over TLS/SSL? It works like a charm without TLS/SSL. i would like to have SSL encrypted communication for ldap (secldapclntd) and ldapsearch etc. while accepting every kind of certificate/CA....

3. IP Networking

Linux Client To Authenticate using TACACS

I have customer who controls access to the internet via TACACS server, basically a PIX firewall uses authentication from the TACACS to say if traffic is allowed to pass out of the gateway. I can't find anything on how to configure a linux client of TACACS authentication only how to set up a linux...

4. Linux

Using squid_db_auth to authenticate squid users against SQLite

Hi guys, Can we use squid_db_auth to authenticate squid users against SQLite database? I googled but all configurations are in MySQL.

5. AIX

Authenticate AIX users from MS Active Directory

First, let me start off saying this is not spam. This is me trying to help out other AIX Admins with MS AD servers. If it is not applicable to you, someone else will find it useful. As long as the "KDC" service is running on your AD server, these steps should work. There should be no...

LEARN ABOUT DEBIAN

dnetd.conf

DNETD.CONF(5)							File Formats Manual						     DNETD.CONF(5)

NAME

       /etc/dnetd.conf - DECnet objects file

DESCRIPTION

       /etc/dnetd.conf is an ASCII file which contains the description of the objects known to the DECnet super-server dnetd.

       There is one entry per line, and each line has the format:

	      Name  Number Authenticate User command

       The field descriptions are:

	      Name	The  name  of  the  object. For numbered objects this appears only for documentation purposes. For named objects it is the
			actual object name. There is a special object name * which can execute an arbitrarily named program or script (see later).

	      Number	the DECnet object number. These numbers should match the well-known object numbers in a VMS object database. If the object
			number is zero then the name is used. There should be no duplicate object numbers in the file apart from number 0.

	      Authenticate
			Whether  to  authenticate incoming connections. This flag should be a Y or N. If it is Y then incoming connections will be
			authenticated either by the username and password given on the remote command line or by the DECnet  proxy  database  dec-
			net.proxy.  If it is N then the next field specifies the username that the daemon will be run as.

	      Username	The  username  that daemon will be run as if the incoming command is not authenticated (ie the Authenticate flag is set to
			N). if this username does not exist, and Authenticate is set to N then incoming connections for that object will fail.

	      Command	This is the name and arguments of the command to run when a connection is received for the object. If  it  is  the  string
			"internal"  then  the  object will be handled by dnetd if it can. Currently only MIRROR and arbitrary TASKs can be handled
			internally by dnetd.
			If the name starts with a slash then it is assumed to be the full path of the program to  run.	If  not  then  dnetd  will
			search its default directory for program files.

NOTES

       When an incoming connection is handled by dnetd it forks and executes the command named in the command field with stdin and stdout pointing
       to the DECnet socket. stderr will be set to /dev/null. The DECnet daemons supplied in the dnprogs suite automatically detect  this  and	so
       can be run from dnetd or standalone.
       There is a subtle difference between objects handled by the special name * and those explicitly named in the file:
       Objects	handled by name "*" internally are run under control of a pseudo-tty which means they appear to be talking to a terminal and CR/LF
       conversion will be done so that TYPE "0=TASK" will produce sensible output on VMS.
       Objects explicitly named just connect directly to the DECnet socket so cannot take advantage of tty services and do not have CR/LF  conver-
       sion  done  for	them. Of course these objects are more secure because the system administrator has total control over which objects can be
       run.
       dnetd will convert all task names to lower case. This is for convenience more than anything else because VMS converts them to uppercase and
       all uppercase files names are unwieldy on Unix.
       It is recommended that arbitrary objects be run as a special anonymous user to avoid security problems.
       Any changes to /etc/dnetd.conf will take effect immediately you do not need to tell dnetd that it has changed.

EXAMPLE

       This is the default file provided. Note that the "*" object is commented out for security reasons.
	  # /etc/dnetd.conf
	  #
	  # name	 number     auth?     user	 command
	  #
	  FAL		 17	    Y	      none	 fal
	  MIRROR	 25	    Y	      root	 internal
	  MAIL		 27	    N	      vmsmail	 vmsmaild
	  CTERM 	 42	    N	      root	 ctermd
	  DTERM 	 23	    N	      root	 rmtermd
	  # *		    0	      Y 	none	   internal

SEE ALSO

       decnet.proxy(5), dnetd(8)

DECnet for Linux						  5 December 1999						     DNETD.CONF(5)

UNIX and Linux RSS News