LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-07-2006, 07:38 AM   #1
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Rep: Reputation: 15
Smile Apache auth_pam / pam winbind deny failed user auth


Well, i have a question/problem for the real die hards..!

we're having an intranet up and runnin,
authorisation is done with the auth_pam module fot Apache.
pam authorisation is done with pam_winbind.so agains samba PDC server.

it alworks ok.

but now we need some sort of failtrhough.

the idea is that after trying to login for (let's say) 3 or 5 time
the account (even better the ip adress) is blocked.
to prevent hacking of user accounts from a IP address.
in this case, if a student is trying to hack other studends, or even worse teachers accouts
his or her ip is blocked, and that specific computer is excluded preventing it to login ever.!
(unless he/she pay's a visit to the system/network manager explaining his/her way's)

annyway, how can i setup a black/white list system, based on login attempts info from
the linux pam system, or apache webserver ??

all inputs are welcome..

Greets,

Collen
 
Old 04-07-2006, 08:01 AM   #2
paul_mat
Member
 
Registered: Nov 2004
Location: Townsville, Australia
Distribution: Fedora Core 5, CentOS 4, RHEL 4
Posts: 855

Rep: Reputation: 30
http://www.linuxquestions.org/questi...M+deny+failure
 
Old 04-07-2006, 09:22 AM   #3
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Original Poster
Rep: Reputation: 15
Ohhh, splendit.. Thx

that was indeed where i was looking for...
(jottum)

Greetz,

Collen
 
Old 04-10-2006, 02:20 AM   #4
collen
Member
 
Registered: Jun 2003
Location: /
Distribution: Fedora/Debian
Posts: 86

Original Poster
Rep: Reputation: 15
Smile

Oops, forgot..

this pam_tally, does not block IP numbers...
i need it for our intranet. (http auth)

the idea is the lockout potential abusers..
and just blocking the accounts, leaves the potential to try other accounts from the same ip/computer..

sorry, i cheered to soon

Collen.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
winbind pam module paul_mat Linux - Networking 0 12-21-2005 11:22 PM
winbind without PAM Gort32 Slackware 0 12-16-2005 10:00 AM
winbind --with-winbind-auth-challenge paul_mat Linux - Networking 0 09-27-2005 01:19 AM
Redhat 9 X-server PAM Auth. Failed billmannion Linux - Newbie 0 02-18-2004 04:37 PM
Qpopper not getting email (using PAM/Samba Winbind Auth) Josh_T_2 Linux - Networking 8 12-19-2003 12:52 PM


All times are GMT -5. The time now is 03:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration