Andreas G. Schindler | 1 Mar 11:56 2004

Re: Pam-list digest, Vol 1 #933 - 1 msg

pam-list-request <at> redhat.com wrote:

> Send Pam-list mailing list submissions to
> 	pam-list <at> redhat.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://www.redhat.com/mailman/listinfo/pam-list
> or, via email, send a message with subject or body 'help' to
> 	pam-list-request <at> redhat.com
> 
> You can reach the person managing the list at
> 	pam-list-admin <at> redhat.com
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Pam-list digest..."
> 
> 
> 
> ------------------------------------------------------------------------
> 
> Today's Topics:
> 
>    1. mod_auth_pam and groups (Jean-Rene Cormier)
> 
> 
> ------------------------------------------------------------------------
> 
> Subject:
> mod_auth_pam and groups
> From:

Liew Toh Seng | 3 Mar 09:00 2004

password security

Hi
can i know how to change the password security level to lower.
currently, the system needs to key in Alpha Numeric in order to change
password, if not will get error. i want to change it to lower so that
it will take anything.

-------------------------------------------------------------------------------
Best Regards
Liew Toh Seng
Icq No: >> 36835809 <<
MSN: >> tohseng <at> hotmail.com <<
* .--.
* |o_o |
* |:_/ |
* //
* (| | )
* /'\_ _/` The Internet Solution Company
* \___)=(___   My Directory Sdn Bhd

ddembrow | 3 Mar 14:01 2004

Re: password security


If the error messages are due to the dictionary look-up,
I managed to get around the dictionary look-up restrictions by
generating an empty dictionary in place of the one pam uses.

Hope that helps,
---d.dembrow

Liew Toh Seng <tohseng <at> www.net.my>
Sent by: pam-list-admin <at> redhat.com
03/03/2004 03:00 AM
Please respond to pam-list

To:       pam-list <at> redhat.com
cc:
Subject:  password security

Hi
can i know how to change the password security level to lower.
currently, the system needs to key in Alpha Numeric in order to change
password, if not will get error. i want to change it to lower so that
it will take anything.

-------------------------------------------------------------------------------

Liew Toh Seng | 4 Mar 01:49 2004

Re: password security

how to do that.

On 03/03/2004, at 9:01 PM, ddembrow <at> nlxcorp.com wrote:

>
> If the error messages are due to the dictionary look-up,
> I managed to get around the dictionary look-up restrictions by
> generating an empty dictionary in place of the one pam uses.
>
> Hope that helps,
> ---d.dembrow
>
> Liew Toh Seng <tohseng <at> www.net.my>
> Sent by: pam-list-admin <at> redhat.com
> 03/03/2004 03:00 AM
> Please respond to pam-list
>
> To:       pam-list <at> redhat.com
> cc:
> Subject:  password security
>

N. Owen Gunden | 4 Mar 04:06 2004

pam_console_apply segfault

Hi-

Apologies if this question has been asked recently, the search function
on the archives seems to be out of order.

Since I switched from devfs to udev, I've been having the following
problem:

# /sbin/pam_console_apply -r
getgrnam failed for usb
zsh: segmentation fault  pam_console_apply -r

I've tried stracing the command looking for why the "getgrnam failed for
usb" comes up, but I can't figure it out.  I noted that I don't have a
/dev/usb but making one doesn't help.  I also don't have a /proc/usb,
but I do have a /proc/bus/usb (did that change from 2.4 -> 2.6?).

Further system info:
PAM 0.77 compiled with gcc 3.3.3 and CFLAGS="-march=athlon-xp -O2 -pipe".
Kernel 2.6.3.

TIA,
 - O

Ethan Benson | 4 Mar 10:22 2004

Re: password security


On Thu, Mar 04, 2004 at 08:49:57AM +0800, Liew Toh Seng wrote:
> how to do that.

deleting the dictionaries is not the right way to accomplish what you
want.  what you want to do is disable the strength checking module for
the passwd service.

edit /etc/pam.d/passwd

you will find a line referring to pam_cracklib.so most likely, this is
what is forcing users to not use foolish, guessable, insecure, unsafe
passwords, remove this line to allow users to be stupid.

also if pam_unix.so has the `obscure' argument remove that as well.

result would look something like this:

#%PAM-1.0

# The PAM configuration file for the Shadow `passwd' service

password    required    pam_unix.so nullok md5

do be aware that allowing users to pick stupid passwords will all but
guarantee intruder access to your systems by way of guessed passwords,
if you're in a non-networked environment this may not be an issue however.

-- 
Ethan Benson
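
Added example (not part of Ethan Benson's message and not Linux-PAM code): a defender-side check that reads a per-service PAM file and reports the relaxations the message describes, namely no pam_cracklib.so line, pam_unix.so without `obscure`, and `nullok`. The function names and the HARDENED sample are assumptions made for illustration.

```python
STRENGTH_MODULES = {"pam_cracklib.so"}  # strength checker named in the thread

def parse_pam_rules(text):
    """Return (type, control, module, args) tuples from /etc/pam.d/<service> text."""
    rules = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3:
            continue  # blank, comment-only, or too short to be a rule
        mtype, rest = fields[0].lstrip("-"), fields[1:]
        if rest[0].startswith("["):  # bracketed control, e.g. [success=1 default=ignore]
            end = next((i for i, f in enumerate(rest) if f.endswith("]")), None)
            if end is None or end + 1 >= len(rest):
                continue
            control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
        else:
            control, rest = rest[0], rest[1:]
        module = rest[0].rsplit("/", 1)[-1]  # accept /lib/security/pam_x.so paths
        rules.append((mtype, control, module, rest[1:]))
    return rules

def audit_password_stack(text):
    """List weaknesses in the 'password' stack; an empty list means none found."""
    stack = [r for r in parse_pam_rules(text) if r[0] == "password"]
    has_checker = any(module in STRENGTH_MODULES for _, _, module, _ in stack)
    findings = []
    if not has_checker:
        findings.append("no pam_cracklib.so strength check")
    for _, _, module, args in stack:
        if module != "pam_unix.so":
            continue
        if not has_checker and "obscure" not in args:
            findings.append("pam_unix.so without obscure")
        if "nullok" in args:
            findings.append("pam_unix.so nullok allows empty passwords")
    return findings

# Constructed sample inputs: RELAXED is the result shown in the message above,
# HARDENED is an assumed stricter stack using options that appear in this thread.
RELAXED = """#%PAM-1.0
password    required    pam_unix.so nullok md5
"""
HARDENED = """#%PAM-1.0
password    required    pam_cracklib.so retry=3 minlen=8 difok=4
password    required    pam_unix.so use_authtok md5
"""

if __name__ == "__main__":
    for name, cfg in (("relaxed", RELAXED), ("hardened", HARDENED)):
        print(name, audit_password_stack(cfg) or "ok")
```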

lu.peng | 4 Mar 14:50 2004

about pam programming , plz help.

hi , all
  
     environment is : postfix + cyrus sasl + pam .
     when need to do authenticate , postfix will invoke the sasl_server_new() to create a new context for this session of connection. 
     then the pam module can get some info from that session,such as username and passwd .
     my problem is , i want to pass one of my self-defined args to pam module , but i don't know how to program in postfix and pam module .
 
     thanks in advance .
    

sunitha kumar | 4 Mar 19:27 2004

putting cracklib check in /etc/pam.d/passwd

Hi,
I am trying to use pam_cracklib to verify the strength of password, 
whenever, a password gets changed. So, I have this entry in 
/etc/pam.d/passwd:
password required       /lib/security/pam_cracklib.so retry=3 type=MY_UNIX dcredit=2 ucredit=2 ocredit=2 lcredit=0 minlen=5 difok=4

password required       pam_pwdb.so use_authtok shadow md5

I get the MY_UNIX changes when I change password, but, don't get the retry to
be 3. Is cracklib failing? How do I set up debugging on this?
And, finally, should pam_pwdb be pam_unix.so ?
thanks,
-sunitha

firstcon | 4 Mar 22:47 2004

Problem with ipop3d and pam_mysql

Hi all,

i've got a problem with ipop3d and pam_mysql on Redhat 9.

I've compiled and installed pam_mysql 0.5 successfully.

I put those three lines to /etc/pam.d/pop:

#%PAM-1.0
auth        required    /lib/security/pam_mysql.so user=dbuser host=someip passwd=somepass db=mydb table=email crypt=0
account     required    /lib/security/pam_mysql.so user=dbuser host=someip passwd=somepass db=mydb table=email crypt=0

The MySQL-Server is up and running on a remote host.
With the 'mysql' client i can access the remote mysqlserver.
I can access the database and the table and do some selects.

Everything's fine until i try to use ipop3d:

When i launch ipop3d and do some logins from the shell, it does
not even try to connect to the remote mysqlserver.

I recompiled pam_mysql.so with #define DEBUG and expected to see
some syslog messages. I don't see any syslog messages from
pam_mysql.

It looks like pam_mysql.so is not invoked. I did an additional
syslog message in pam_mysql.c right at the beginning to make
absolutely sure that it prints something to syslog when it is
invoked. Nothing.

On the other hand, if i comment out the 'auth' and 'account'
lines in /etc/pam.d/pop and put these 2 lines in it:

auth       required     /lib/security/pam_stack.so service=system-auth
account    required     /lib/security/pam_stack.so service=system-auth

.. i can access ipop3d with a local system user. That means that
PAM generally seems to be active at this point.

Anyone has an idea what i can try to get further information why
pam_mysql.so doesn't work?

By the way, on another old 7.3 install it works quite well.

Hopefully someone has an idea ...

Kind regards,
Andy

Aaron Konstam | 4 Mar 23:45 2004

Re: Problem with ipop3d and pam_mysql

On Thu, Mar 04, 2004 at 10:47:31PM +0100, firstcon wrote:
> Hi all,
> 
> i've got a problem with ipop3d and pam_mysql on Redhat 9.
> 
> I've compiled and installed pam_mysql 0.5 successfully.
> 
> I put those three lines to /etc/pam.d/pop:
> 
I know that I am revealing my ignorance. But what does ipop3d (a mail
service) have to do with mysql?
-- 
-------------------------------------------
Aaron Konstam
Computer Science
Trinity University
One Trinity Place.
San Antonio, TX 78212-7200

telephone: (210)-999-7484
email:akonstam <at> trinity.edu
