[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Integrated Login

Subject: Re: Integrated Login
From: "Ido Levy" <idol.levy@xxxxxxxxx>
Date: Tue, 25 Mar 2008 16:27:11 +0200
In-reply-to: <1206443683.1061.12.camel@xxxxxxxxxxxxxxx>
References: <OF61FF48AF.A9B184F9-ONC2257417.003216A1-C2257417.0032DEFC@xxxxxxxxxx> <1206437057.1061.4.camel@xxxxxxxxxxxxxxx> <74f065630803250228h7c163845yc811ee3e5dba7c82@xxxxxxxxxxxxxx> <74f065630803250349u34939ae2o8f0a9a2de1f4b700@xxxxxxxxxxxxxx> <1206443683.1061.12.camel@xxxxxxxxxxxxxxx>

The most optimized configuration I have reached is as follows.
Thank you for the help !!

sshd

auth       required     pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_host_deny > auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so

account    required     pam_stack.so service=system-auth

password   required     pam_stack.so service=system-auth

session    required     pam_stack.so service=system-auth
session    required     pam_limits.so

system-auth

auth        required      pam_env.so
auth        optional      pam_krb5.so try_first_pass
auth        sufficient    pam_afs.so try_first_pass ignore_root set_token
auth        required      pam_deny.so

account     sufficient    pam_unix.so
account     sufficient    pam_krb5.so
account     sufficient    pam_ldap.so

password    requisite     pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users
password    sufficient    pam_krb5.so use_authtok
password    required      pam_deny.so

session     required      pam_limits.so
session     optional      pam_krb5.so
session     optional      pam_ldap.so
session     required      pam_unix.so

Ido Levy

On Tue, Mar 25, 2008 at 1:14 PM, Tomas Mraz <tmraz@xxxxxxxxxx> wrote:

On Tue, 2008-03-25 at 12:49 +0200, Ido Levy wrote:
> Hello,
>

> Following your advice I have successfully setup integrated login for
> ssh.
> I got both AFS token and Kerberos 5 ticket.
>
> Following are the PAM files of sshd and system-auth:
> I have a few questions regarding the setup of sshd PAM file that looks
> a little strange for me although it's working and satisfy my needs.
>
> sshd

Here is my recommendation - try if that works:

#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_host_deny >
auth required pam_stack.so service=system-auth

auth required pam_nologin.so

account required pam_stack.so service=system-auth

password required pam_stack.so service=system-auth

session required pam_stack.so service=system-auth
session required pam_limits.so

system-auth

#%PAM-1.0
auth required pam_env.so

auth required pam_krb5.so
auth sufficient pam_afs.so try_first_pass ignore_root set_token

auth required pam_deny.so

account sufficient pam_unix.so
account sufficient pam_krb5.so
account sufficient pam_ldap.so

password requisite pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users

password sufficient pam_krb5.so use_authtok

password required pam_deny.so

session required pam_limits.so
session optional pam_krb5.so
session optional pam_ldap.so
session required pam_unix.so

--

Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

References:
- Integrated Login
  - From: Ido Levy
- Re: Integrated Login
  - From: Tomas Mraz
- Re: Integrated Login
  - From: Ido Levy
- Re: Integrated Login
  - From: Ido Levy
- Re: Integrated Login
  - From: Tomas Mraz

Prev by Date: Re: Integrated Login
Next by Date: Notification of number of unsuccessful login attempts
Previous by thread: Re: Integrated Login
Next by thread: Notification of number of unsuccessful login attempts
Index(es):
- Date
- Thread

[Home] [Kernel List] [Red Hat Install] [Linux for the blind] [Red Hat Watch List] [Gimp] [Kerberos: The Definitive Guide]

Powered by Linux