Oliver Schulze L. | 12 Aug 2004 22:14

Logging passwd change in syslog on RH9

Hi,
I have RH9 and noted that when a user or root changes a user password,
the change is not logged in syslog.
Is there any special setting to configure, so I can log when a user changes
his password?

Many Thanks
Oliver

-- 
Oliver Schulze L.
<oliver <at> samera.com.py>

Thorsten Kukuk | 13 Aug 2004 14:44

Future development of Linux-PAM and distribution patches


Hi,

There was nearly no Linux-PAM development in the past and every 
distributor ships a very huge number of patches. This becomes more
and more a nightmare to maintain.

Andrew, do you have any plans for the near future with Linux-PAM?

Else I would suggest that the distribution maintainers should try
to merge all the useful patches into CVS, so that we have at least
again a common code base. Some of us have CVS write access, so this
should be possible.

Other ideas how to proceed?

  Thorsten

-- 
Thorsten Kukuk       http://www.suse.de/~kukuk/        kukuk <at> suse.de
SuSE Linux AG        Maxfeldstr. 5                 D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B

pam | 13 Aug 2004 21:49

Help using skey with ssh

Well, I finally seem to be receiving posts to the list, so I'll send this a third time.  I do not know if this is
the first, second, or third time you've seen this request.  I apologize if it's the second or third.  Any help
would be appreciated.  If someone has already responded I'd appreciate you forwarding it back to me, as I
have not received any posts to this list until yesterday.

Thanks,
--------------------------------------------------------------------------

Sorry, if this is a duplicate.  I've been having trouble with my
subscription, so I haven't been getting anything from this list.

--------

I'm trying to use challengeresponse/skey to login to my server via ssh. 
In my sshd_config file I have:

PasswordAuthentication no
#ChallengeResponseAuthentication yes - I assume this is the default since
"#" ...
UsePAM yes

and my /etc/pam.d/sshd looks like standard:
#%PAM-1.0

auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth

Michael Chang | 13 Aug 2004 22:10

Re: Help using skey with ssh


|> I'm trying to use challengeresponse/skey to login to my server via ssh. 
|> In my sshd_config file I have:
|> 
|> PasswordAuthentication no
|> #ChallengeResponseAuthentication yes - I assume this is the default since
|> "#" ...
|> UsePAM yes
|> 
|> and my /etc/pam.d/sshd looks like standard:
|> #%PAM-1.0
|> 
|> auth       required     pam_stack.so service=system-auth
|> auth       required     pam_shells.so
|> auth       required     pam_nologin.so
|> account    required     pam_stack.so service=system-auth
|> password   required     pam_stack.so service=system-auth
|> session    required     pam_stack.so service=system-auth
|> 
|> My question is how do I get sshd to stop offering me unix password as an
|> authentication option.

You might want to first look into client options.  Specifically, in your
client's ssh_config file (or whatever config file your client is reading),
use the 'PreferredAuthentications' directive to specify the order in
which various authentication methods are attempted by the client.

Hope that helps,
Michael

Kris Deugau | 13 Aug 2004 22:56

Re: Help using skey with ssh

pam <at> madsteer.com wrote:
> session    required     pam_stack.so service=system-auth
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Check and see which modules are getting pulled in by these calls to
pam_stack.so.  Look at /etc/pam.d/system-auth.

Red Hat, RH-derived, and a number of other systems use this to allow
easy changes to the authentication method(s) usable by ALL (or most)
services.

-kgd
-- 
Get your mouse off of there!  You don't know where that email has been!
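
Added example, not part of any post in this thread: one way to carry out the check suggested above, listing which modules a service ends up with once its `pam_stack.so service=...` lines are followed into the referenced file. The names `PAM_FILES` and `effective_stack` are hypothetical, and the sample input is constructed from the two files quoted in the thread.

```python
# Constructed sample input: the two PAM files quoted in this thread
# (system-auth abridged to its auth/account/session lines).
PAM_FILES = {
    "sshd": """#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_shells.so
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
""",
    "system-auth": """#%PAM-1.0
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       required     /lib/security/pam_deny.so
account    required     /lib/security/pam_unix.so
session    required     /lib/security/pam_limits.so
""",
}


def effective_stack(service, mgmt, files=PAM_FILES, _seen=()):
    """List (control, module, args) for one management group of a service,
    following pam_stack.so service=NAME references into the named file.

    Assumes plain control keywords (required, sufficient, ...), no [...] form.
    The result is an inventory: at run time pam_stack.so hands the sub-stack's
    overall result back to the line that called it.
    """
    if service in _seen:
        raise ValueError(f"pam_stack loop through {service!r}")
    out = []
    for raw in files[service].splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        group, control, module, *args = line.split()
        if group != mgmt:
            continue
        name = module.rsplit("/", 1)[-1]       # /lib/security/pam_unix.so -> pam_unix.so
        target = next((a[len("service="):] for a in args if a.startswith("service=")), None)
        if name == "pam_stack.so" and target:
            out.extend(effective_stack(target, mgmt, files, _seen + (service,)))
        else:
            out.append((control, name, args))
    return out


if __name__ == "__main__":
    for control, name, args in effective_stack("sshd", "auth"):
        print(f"auth  {control:<11}{name} {' '.join(args)}")
```

To audit a live host, build the `files` mapping from the contents of `/etc/pam.d/` instead of the embedded sample.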

pam | 13 Aug 2004 23:49

Re: Help using skey with ssh


>You might want to first look into client options.  Specifically, in your
>client's ssh_config file (or whatever config file your client is reading),
>use the 'PreferredAuthentications' directive to specify the order in which
>various authentication methods are attempted by the client.

>Hope that helps,
>Michael

Thanks for the response.  I can play around with this a bit, but it's really hard getting the hackers to change
their client settings accordingly!  :)

Thanks,

pam | 14 Aug 2004 00:00

Re: Help using skey with ssh


pam <at> madsteer.com wrote:
>> session    required     pam_stack.so service=system-auth
                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>Check and see which modules are getting pulled in by these calls to
>pam_stack.so.  Look at /etc/pam.d/system-auth.
>
>Red Hat, RH-derived, and a number of other systems use this to allow easy
>changes to the authentication method(s) usable by ALL (or most) services.
>
>-kgd

Here's what it looks like:

#%PAM-1.0

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.s0

I'm assuming all the magic is happening in pam_unix.  A quick look at

Werner Jansen | 14 Aug 2004 00:03

Re: Help using skey with ssh

On Fri, 13 Aug 2004 14:49:14 -0500
pam <at> madsteer.com wrote:

> Well, I finally seem to be receiving posts to the list, so I'll send
> this a third time.  I do not know if this is the first, second, or
> third time you've seen this request.  I apologize if it's the second
> or third.  Any help would be appreciated.  If someone has already
> responded I'd appreciate you forwarding it back to me, as I have not
> received any posts to this list until yesterday.
> 
> Thanks,
> -------------------------------------------------------------------
> -------
> 
> Sorry, if this is a duplicate.  I've been having trouble with my
> subscription, so I haven't been getting anything from this list.
> 
> --------
> 
> I'm trying to use challengeresponse/skey to login to my server via
> ssh. In my sshd_config file I have:
> 
> PasswordAuthentication no
> #ChallengeResponseAuthentication yes - I assume this is the default
> since"#" ...
> UsePAM yes
> 
> and my /etc/pam.d/sshd looks like standard:
> #%PAM-1.0
> 

Chris Jensen | 16 Aug 2004 01:44

pam_mount and openssh

Hi,
I'm trying to get pam_mount going to mount a samba share on login over
openssh, but it doesn't seem to be working.

It seems that after authentication, openssh  is launching a new
process which calls pam_open_session, and so the pam_mount module
can't access the data it stored when authenticating.

Has anyone else hit this problem and successfully worked around it?

Here's the debug output (I threw some of my own debug statements into the code)

Aug 16 09:11:27 vpntest sshd[16437]: pam_sm_authenticate called
Aug 16 09:11:27 vpntest sshd[16437]: pam_mount: enter read_password
Aug 16 09:11:30 vpntest sshd[16437]: pam_sm_authenticate saved, pamh
handle 134863464
Aug 16 09:11:30 vpntest sshd[16438]: pam_sm_open_sesion pamh: 134863464
Aug 16 09:11:30 vpntest sshd[16438]: pam_mount: user is cjensen
Aug 16 09:11:30 vpntest sshd[16438]: pam_mount: error trying to
retrieve authtok from auth code

W. Michael Petullo | 16 Aug 2004 04:41

Re: pam_mount and openssh

> I'm trying to get pam_mount going to mount a samba share on login over
> openssh, but it doesn't seem to be working.
> 
> It seems that after authentication, openssh  is launching a new
> process which calls pam_open_session, and so the pam_mount module
> can't access the data it stored when authenticating.
> 
> Has anyone else hit this problem and successfully worked around it?
> 
> Here's the debug output (I threw some of my own debug statements into the code)
> 
> Aug 16 09:11:27 vpntest sshd[16437]: pam_sm_authenticate called
> Aug 16 09:11:27 vpntest sshd[16437]: pam_mount: enter read_password
> Aug 16 09:11:30 vpntest sshd[16437]: pam_sm_authenticate saved, pamh
> handle 134863464
> Aug 16 09:11:30 vpntest sshd[16438]: pam_sm_open_sesion pamh: 134863464
> Aug 16 09:11:30 vpntest sshd[16438]: pam_mount: user is cjensen
> Aug 16 09:11:30 vpntest sshd[16438]: pam_mount: error trying to
> retrieve authtok from auth code

Have you read the portion of the FAQ that addresses OpenSSH?

-- 
Mike

:wq
