Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I have PAM configured to allow Novell logins using ncpfs and the pam_ncp_auth.so module. However, I recently discovered that, for local users (I have a local account for administration), I can enter any password, or no password at all, and it allows the login. Sudo still behaves normally, and /var/log/auth.log shows nothing other than gdm having trouble unlocking a keyring (because I'm not entering the correct password, no doubt). The only thing I added/changed to the PAM config is in common_auth, I changed pam_unix.so to sufficient (instead of required).
I know I haven't provided a huge amount of info about the system, but I went through the same procedure on a test system beforehand and never ran into these problems. Any ideas?
Ok, well, I feel like an idiot: I don't know why this didn't show up on my test machine, but the reason local passwords were ignored was that the "sufficient" control-flag will ignore failed modules. The reason I configured it this way was because I was under the impression that just changing common-auth would make it simpler for any other services to use Novell to authenticate.
So to fix it, I changed common-auth to "auth required pam_unix.so nullok secure", and added a custom sufficient line to the gdm service. After the pam_ncp_auth.so module, I then included an "auth required pam_deny.so".
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.