Jason Gerfen | 1 Nov 2005 16:55

pam_krb5+ldap testing?

I am sure there are people out there who are currently using a combination 
of ldap and kerberos for linux client authentication, and I am wondering if 
I can possibly solicit some assistance in testing a module that is a 
modification of the latest pam_krb5 module?

-- 
Jason Gerfen

"My girlfriend threatened to
 leave me if I went boarding...
 I will miss her."
 ~ DIATRIBE aka FBITKK
Oliver Schulze L. | 1 Nov 2005 23:16

Re: The infamous "check pass; user unknown"

Hi,
is there any news about this? Any patch or bug#?

I'm interested in porting the solution to RHEL4

Many thanks
Oliver

Tomas Mraz wrote:

>On Thu, 2005-04-28 at 11:56 -0400, Oliver Schulze L. wrote:
>
>>The problem is that in /var/log/messages I get these 2 lines for every
>>*successful* login. That is for every kind of login: console, pop3, imap, ssh, etc
>>
>>Apr 28 11:53:00 server app(pam_unix)[13817]: check pass; user unknown
>>Apr 28 11:53:00 server app(pam_unix)[13817]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
>
>This is fixed in the FC4 test releases already.


Raj | 2 Nov 2005 02:55

looking for pam_tacplus with "use_first_pass" option..

any links for pam_tacplus which supports
"use_first_pass" option?

the one I have doesn't support it.

thanks
Raj

		
Thorsten Kukuk | 2 Nov 2005 09:19

Linux-PAM 0.81 released


This release fixes only a security issue in the pam_unix module and a
regression in pam_limits introduced with version 0.80.

When SELinux was enabled the unix_chkpwd helper didn't verify the user
which was executing it, and if SELinux policy didn't prevent it or if
SELinux was running in permissive mode it would allow brute force
attacks on other users' passwords. The new release adds an additional check
before password verification and logs attempts with a wrong password.

Some user limits set in the limits.conf were applied incorrectly. The
new release fixes the problem.

Dmitry V. Levin,
Sebastien Tricaud,
Thorsten Kukuk,
Tomas Mraz.

-- 
Thorsten Kukuk         http://www.suse.de/~kukuk/      kukuk <at> suse.de
SUSE LINUX Products GmbH       Maxfeldstr. 5       D-90409 Nuernberg
--------------------------------------------------------------------    
Key fingerprint = A368 676B 5E1B 3E46 CFCE  2D97 F8FD 4E23 56C6 FB4B
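
The kind of caller check the 0.81 release note describes, as an added example (not code from Linux-PAM): a setuid helper compares the real uid of the invoking process with the account being verified before any password is examined, and logs refusals. The names `caller_may_check`, `pw_lookup_fn` and the sample accounts are hypothetical, and the exemption for root is an assumption.

```c
#include <pwd.h>
#include <string.h>
#include <sys/types.h>
#include <syslog.h>
#include <unistd.h>

enum chk_result { CHK_ALLOW, CHK_DENY_UNKNOWN_USER, CHK_DENY_OTHER_USER };

/* Lookup hook (hypothetical, not a Linux-PAM name): getpwnam in real use,
 * a constructed table in tests. */
typedef struct passwd *(*pw_lookup_fn)(const char *);

/* caller_uid must be the REAL uid (getuid()); in a setuid-root helper
 * geteuid() is always 0 and would let every caller through. */
enum chk_result caller_may_check(uid_t caller_uid, const char *target,
                                 pw_lookup_fn lookup)
{
    struct passwd *pw = (target && *target) ? lookup(target) : NULL;
    if (pw == NULL)
        return CHK_DENY_UNKNOWN_USER;
    if (caller_uid != 0 && caller_uid != pw->pw_uid)
        return CHK_DENY_OTHER_USER;   /* non-root asking about someone else */
    return CHK_ALLOW;
}

/* Constructed sample accounts, for illustration only. */
static struct passwd sample_db[] = {
    { .pw_name = "alice", .pw_uid = 1000 },
    { .pw_name = "bob",   .pw_uid = 1001 },
};

struct passwd *sample_lookup(const char *name)
{
    for (size_t i = 0; i < sizeof sample_db / sizeof sample_db[0]; i++)
        if (strcmp(sample_db[i].pw_name, name) == 0)
            return &sample_db[i];
    return NULL;
}

int main(int argc, char **argv)
{
    const char *target = argc > 1 ? argv[1] : "";
    enum chk_result r = caller_may_check(getuid(), target, getpwnam);
    if (r != CHK_ALLOW) {   /* refuse before any password is read or hashed */
        syslog(LOG_NOTICE, "uid %lu refused check for '%s'",
               (unsigned long)getuid(), target);
        return 1;
    }
    return 0;
}
```
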
Jason Clifford | 2 Nov 2005 12:59

Anyone willing to write a module for a bounty?

I have a need for a pam module similar to pam_listfile that will lookup an 
item from a mysql database table.

pam_mysql is not suitable as I'm not looking to authenticate a user login 
but rather to check against a list of authorised items (usernames, IP 
addresses, etc).

I'm not really comfortable writing this myself though so I'm hoping 
someone out there is willing to consider doing so - I am willing to pay 
for this although there isn't a great deal of money in the bank.

Jason Clifford
-- 
UKFSN.ORG		     Finance Free Software while you surf the 'net
http://www.ukfsn.org/	       2Mb ADSL Broadband from just £14.98 / month 
http://www.linuxadsl.co.uk/	     ADSL Routers from just £21.98
Hannes Krueger | 8 Nov 2005 13:12

pam_limits not effective

Hi out there,

I tried to set some hard memory limits using /etc/security/limits.conf.
I set hard limits for my user for rss, data, stack, memlock 1000.
I also set a maxlogins of 4.
I added "session required pam_limits.so" to /etc/pam.d/xdm and login.

I was able to verify that the maxlogins limit works.
All other limits seem to be without effect.

Is there anything else to do?
Are there any special requirements for the kernel?

I'm using 2.6.5-7.201-default (Suse kernel)

# Class Based Kernel Resource Management
#
CONFIG_CKRM=y
CONFIG_RCFS_FS=m
CONFIG_CKRM_TYPE_TASKCLASS=y
CONFIG_CKRM_RES_NUMTASKS=m
CONFIG_CKRM_CPU_SCHEDULE=y
# CONFIG_CKRM_CPU_SCHEDULE_AT_BOOT is not set
CONFIG_CKRM_RES_BLKIO=y
CONFIG_CKRM_TYPE_SOCKETCLASS=y
CONFIG_CKRM_RBCE=m
CONFIG_CKRM_CRBCE=m
CONFIG_DELAY_ACCT=y
CONFIG_KALLSYMS=y
CONFIG_FUTEX=y

Philippe C. Martin | 8 Nov 2005 17:18

PAM newbie

Hi,

I am attempting to write a Windows-GINA-like logon manager for GNU/Linux: 
gdm/kdm/xdm + smart card support. 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/gina.asp

To make things simple :-) I intend to write most of it in Python (I have found 
this PAM wrapper: http://packages.debian.org/unstable/python/python2.3-pam).

The architecture should be gdm-like: 
http://www.gnome.org/projects/gdm/gdmtalk.pdf with a smart card event manager 
added: www.snakecard.com/WordPress.

My current understanding is (simplified):

rc.local launches my "gdm" which in turn forks the various daemons:
1) smart event manager
2) greeter (gdm uses two layers) here

Simple sequence of events:
1) the PC boots and a "regular" logon dialog box (username + password) is 
displayed (this is the greeter)
2) the user inserts a card, the dialog box is replaced by another one which 
requests a PIN code
3) the greeter calls an external module that authenticates the cards, gives 
it the PIN code, retrieves username and password and logs on.

Is that external module a PAM module?

Where should I start to study PAM ?

Adm.rodrigo | 21 Nov 2005 11:56

Re: Anyone willing to write a module for a bounty?

Hi! :D

Wed, 2 Nov 2005 11:59:15 +0000 (GMT)
Jason Clifford <jason <at> ukpost.com> wrote:

JC> I have a need for a pam module similar to pam_listfile that will lookup an
JC> item from a mysql database table.

What I did was basically a merge of the pam_mysql and pam_listfile modules.  I
did not include the apply option from the pam_listfile module because I did
not understand it, but it may be included in future versions.

There's much to do, some of which I have put in the TODO file, but this first
version seems to do what Jason has asked.  Please try it out; if something
goes wrong please turn debug on and send me the syslog output.

Regards,
  Rodrigo Wanderley

Thorsten Kukuk | 21 Nov 2005 16:37

Linux-PAM 0.99.2.0 released


Hello,

The Linux-PAM development team is pleased to announce the release
of version 0.99.2.0.

This release is the first version based on autoconf, automake and
libtool which is declared as "stable" by the Authors.

We would like to ask all Linux Distributors to update to this version;
the old "0.8x" branch will no longer be supported.

Besides the security fix from the 0.81 release it contains the
following changes since 0.99.1.0:

* Fix parsing of full path tty name in various modules
* pam_xauth: Look for xauth executable in multiple places
* pam_env: Support /etc/environment again, but don't treat it as
  error if it is missing.
* pam_userdb: Fix memory leak.

See the ChangeLog file for more details.

You can find the tar archives "Linux-PAM-0.99.2.0.tar.gz" and
"Linux-PAM-0.99.2.0-docs.tar.gz" on ftp.kernel.org and all mirrors
in the directory /pub/linux/libs/pam/pre/library/


Dmitry V. Levin,
Sebastien Tricaud,

Darrell Fuhriman | 21 Nov 2005 18:16

Re: Linux-PAM 0.99.2.0 released

Thorsten Kukuk <kukuk <at> suse.de> writes:

> This release is the first version based on autoconf, automake and
> libtool which is declared as "stable" by the Authors.

This implies that portability is a priority (despite the
Linux-PAM name).  I don't get a clean build on Solaris, although
I would like to.

If I spend the time doing the clean-up, is there a reasonable
chance of getting the changes included in the distribution?

Darrell
