LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-03-2012, 05:10 AM   #1
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,255

Rep: Reputation: 118Reputation: 118
Want to use pam-config for sshd and some other


I am configuring password requirements, account lockouts etc using PAM.
I have gotten it all to work, only problem is I can't find a way to use pam-config for everything.
The files sshd, common-auth & common-account in /etc/pam.d/ I have to write manually. This means unlinking common-*, copy common-*-pc to common-* and then edit the common-* files.
Not a big issue, but it would be nicer if I could simply use pam-config.

I have searched a lot for info about pam-config, but can't find anything about how to add pam_tally2.so with required parameters.
"pam-config -a --pam_tally2.so" gives "
invalid option -- --pam_tally2"

pam-config --add --sshd (also tried w pam_tally2) gives
pam-config: invalid option -- --sshd
Unknown module pam_tally2.so, ignored!


The configuration I need is:
Code:
common-auth: 
auth required pam_tally2.so deny=5 onerr=fail unlock_time=1800

common-account: 
account required        pam_tally2.so

sshd
auth  required  pam_tally2.so deny=5 magic_root onerr=fail unlock_time=1800
account   required   pam_tally2.so
What works fine with pam-config is:
Code:
pam-config -d --pwcheck
pam-config -a --cracklib
pam-config -a --cracklib-minlen=7
pam-config -a --cracklib-lcredit=-1
pam-config -a --cracklib-ucredit=-1
pam-config -a --cracklib-dcredit=-1
pam-config -a --pwhistory
pam-config -a --pwhistory-remember=5
 
Old 04-04-2012, 03:07 PM   #2
lithos
Senior Member
 
Registered: Jan 2010
Location: SI : 45.9531, 15.4894
Distribution: CentOS, OpenNA/Trustix, testing desktop openSuse 12.1 /Cinnamon/KDE4.8
Posts: 1,144

Rep: Reputation: 217Reputation: 217Reputation: 217
Do these examples help ?
Code:
auth     required       pam_tally.so per_user
and here some more troubleshooting.
 
Old 04-05-2012, 02:53 PM   #3
pingu
Senior Member
 
Registered: Jul 2004
Location: Skuttunge SWEDEN
Distribution: Debian preferably
Posts: 1,255

Original Poster
Rep: Reputation: 118Reputation: 118
Thanks, but no.
I do know what to write in the different pam.d/ files, I have my configuration completely in place.
What I want is to configure everything regarding PAM with the command "pam-config".
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Problem in using PAM-TACACS+ with sshd Bandlaraj Linux - Software 0 08-20-2009 08:32 AM
Starting sshd: /etc/init.d/sshd: line 113: /usr/sbin/sshd: Permission denied sumanc Linux - Server 5 03-28-2008 04:59 AM
pam.d/sshd config for passwd expiration ssy68 Linux - Newbie 3 03-26-2008 10:56 AM
pam or sshd ignoring max retries; 8 > 3 antieagles Linux - Security 0 09-29-2004 12:45 PM
PAM and sshd, major problems KneeLess *BSD 0 06-06-2004 02:00 PM


All times are GMT -5. The time now is 05:47 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration