Old 07-03-2003, 02:51 PM   #1
Tinkster
Moderator
 
Pam


Hi guys,

has anyone gone through adding PAM
to Slack? How much hassle was it?

Googling on groups brought up several
hits, but none too explicit on what needed
doing, or what amount of work was involved.

Cheers,
Tink
 
Old 07-03-2003, 03:53 PM   #2
contrasutra
Guru
 
Here's some slack 9 packages for it:

http://slackpacks.tchelinux.com.br/pam/Latest-9.0/

They also have 8.1 if you need it.


I haven't tried it, so I can't tell you if it works. But all the packages I've gotten from this guy have worked well.
 
Old 07-03-2003, 04:10 PM   #3
Tinkster
Moderator
 
Original Poster
Ta mate :)

Grabbed an 8.1 version, installed smoothly,
now I need to compile a few programs that
work with PAM against it to see whether it's
all go :}

Will keep you informed!

Cheers,
Tink
 
Old 07-03-2003, 04:15 PM   #4
contrasutra
Guru
 
What programs needed it?

I have never had to install PAM, maybe I'm missing out on something.
 
Old 07-03-2003, 04:23 PM   #5
Tinkster
Moderator
 
Original Poster
No programs (that I use, anyway)
necessarily need it, however, it's
a "nice feature" to be able to
authenticate against a PostgreSQL
database or LDAP if you're in the
corporate world ... ;)

The reason why I am after it is that
I want to extend iptables to be an
authentication based gateway rather
than just a "dumb packet filter" ... that
is, I want to make sure that a certain
user can/can't do certain things rather
than assuming the person is always on
the same IP ;)

If I'm successful with that I want to extend
iptables to verify that the program trying
to access a port/address is kosher, similar
to what Norton or Tiny (Kerio) do in WinDOHs.

Cheers,
Tink

P.S.: If someone knows a GPLed program that
already does these things I'll gladly save
myself the trouble ;}
 
Old 07-03-2003, 05:35 PM   #6
unSpawn
Moderator
 
Quote:
If I'm successful with that I want to extend
iptables to verify that the program trying
to access a port/address is kosher, similar
to what Norton or Tiny (Kerio) do in WinDOHs.


Not exactly a reply to your thread, since you're on a different track, but I'd like to draw your attention to a short explanation of what Grsecurity can do for you wrt to restricting users, for instance denying setting up client or server sockets and other ramblings about the search for the "ZA for Linux" grail I've made in /sec earlier on.
 
Old 07-03-2003, 05:57 PM   #7
Tinkster
Moderator
 
Original Poster
Quote:
Not exactly a reply to your thread, since you're on a different track, but I'd like to draw your attention to a short explanation of what Grsecurity can do for you wrt to restricting users, for instance denying setting up client or server sockets and other ramblings about the search for the "ZA for Linux" grail I've made in /sec earlier on.
Thanks for commenting on my post,
and the two very interesting/highly
informative links. I'll certainly give
grsecurity a try (hoping that it'll be
fine with the other custom kernel
patches, like ACPI ;})

Quote:
Quoted from the other rambling -thread
Scanning /proc will be more of a "brute force" approach because for instance starting up a client app like Nutscrape doesn't mean I'm going out on the network. Sniffing for traffic and denying it as soon as it doesn't match up with any criteria is just too late, so waiting for an app to make a call to set up a socket seems the best way so far. Having a static list of apps that are always allowed could speed up the decision part. Also for all of the above you have to ask yourself if an app could DoS this "ZA for Linux" approach.
I was thinking about an iptables pluggable
module that uses /proc to establish the PID
of the process making a connect, check the
application doing it against a database of
whatever kind (loading known & trusted apps
the first time the target is jumped to from a
config-file [Psql-database, XML, ...]), verify
the user running it, ... and prompt ruth while
denying unknown programs/people at first.
With the userland interface of iptables it
would be a breeze to kick out DoS by
handing them on to tcpwrapper :}

The hardest bit would be to make a client
for this approach that runs on win-boxen
on the network (so I can check their authenticity,
too, the Linux machines are less of a concern).

Cheers,
Tink

Last edited by Tinkster; 07-03-2003 at 05:59 PM.
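
Added example, not part of the original posts or of any iptables code: a userland sketch of the /proc lookup described in post #7, resolving a TCP connection to its owning PID, executable and uid and checking that pair against an allowlist with default deny. The function names, the `ALLOWED` entries and the `proc_root` parameter (pass `/proc` on a live system) are assumptions made for illustration.

```python
import os
import socket
import struct

# Constructed allowlist of (executable path, uid) pairs permitted to connect.
ALLOWED = {("/usr/bin/ssh", 1000), ("/usr/bin/curl", 1000)}

def parse_addr(hexaddr):
    """Decode '0100007F:0016' as printed in /proc/net/tcp (IPv4, little-endian host)."""
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def find_socket(proc_root, remote):
    """Return (inode, uid) of the TCP socket whose remote end is `remote`, else None."""
    with open(os.path.join(proc_root, "net", "tcp")) as fh:
        next(fh)  # skip the column header
        for line in fh:
            f = line.split()
            if parse_addr(f[2]) == remote:
                return int(f[9]), int(f[7])  # inode column, uid column
    return None

def pid_for_inode(proc_root, inode):
    """Scan every /proc/<pid>/fd for a 'socket:[inode]' symlink."""
    target = f"socket:[{inode}]"
    for entry in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(entry)
        except OSError:
            continue  # process exited mid-scan or is not ours to inspect
    return None

def verdict(proc_root, remote):
    """Return ('ALLOW'|'DENY', exe); anything that cannot be resolved is denied."""
    sock = find_socket(proc_root, remote)
    pid = pid_for_inode(proc_root, sock[0]) if sock else None
    if pid is None:
        return "DENY", None
    try:
        exe = os.readlink(os.path.join(proc_root, str(pid), "exe"))
    except OSError:
        return "DENY", None
    return ("ALLOW" if (exe, sock[1]) in ALLOWED else "DENY"), exe
```

The lookup happens after the socket already exists and is racy against process exit, which is the "too late" concern raised in the quoted thread; a path match on `exe` also says nothing about whether the binary at that path has been replaced.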
 
Old 07-03-2003, 06:48 PM   #8
quietguy47
Member
 
I was reading about SELinux earlier. You might want to check it out.
http://www.coker.com.au/selinux/
http://www.crypt.gen.nz/selinux/faq.html
 
  

