LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 02-12-2020, 09:45 AM   #1
ivandi
Member
 
Registered: Jul 2009
Location: Québec, Canada
Distribution: CRUX, Debian
Posts: 508

Rep: Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844
Testing PAM in current


Here are the notes I took while maintaining spamware. Hopefully they will help some of you to setup a testing environment.


Cheers.

P.S. Thank you for the kind words Mr. Volkerding.



NOTES:
Code:
DOMAIN CONTROLLER:
==================
samba-tool domain provision --use-rfc2307 --interactive

ln -s /var/lib/samba/private/krb5.conf /etc
ln -s /var/lib/samba/private/kdc.conf /etc

/etc/default/samba:
-------------------
START_SAMBA_DC=yes
SAMBA_DC_OPTS="-D"
#START_WINBINDD=yes
#WINBINDD_OPTS="-D"
#START_SMBD=yes
#SMBD_OPTS="-D"
#START_NMBD=yes
#NMBD_OPTS="-D"

Easy password policy:
---------------------
samba-tool domain passwordsettings set --complexity=off
samba-tool domain passwordsettings set --min-pwd-length=5
samba-tool domain passwordsettings set --history-length=0
samba-tool domain passwordsettings set --min-pwd-age=0
samba-tool domain passwordsettings set --max-pwd-age=365
samba-tool domain passwordsettings show
---------------------

Add users:
----------
samba-tool user create test
----------

DHCP SERVER:
============
/etc/dhcpd.conf:
----------------
authoritative;
option domain-name "example.net";
option domain-name-servers dc.example.net;

ignore client-updates;
update-static-leases on;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

subnet 192.168.0.0 netmask 255.255.255.0 {
  range 192.168.0.100 192.168.0.200;
  option routers 192.168.0.1;
}
----------------
echo /usr/sbin/dhcpd >> /etc/rc.d/rc.local

The dhcp clients should update their DNS records (see the dhcpcd hook below).


DC WITH BIND_DLZ BACKEND:
=========================
samba-tool domain provision --use-rfc2307 --interactive
DNS backend: BIND9_DLZ

ln -s /var/lib/samba/private/krb5.conf /etc
ln -s /var/lib/samba/private/kdc.conf /etc

BIND:
-----
rndc-confgen -a

mkdir -p /var/lib/named/example.net
wget -O - http://www.internic.net/domain/named.root > /var/lib/named/example.net/named.root

/var/lib/named/example.net/localhost.zone:
------------------------------------------
$TTL	86400
$ORIGIN localhost.
@	1D IN SOA	@ root (
			1		; serial
			3H		; refresh
			15M		; retry
			1W		; expiry
			1D )		; minimum
	1D IN NS	@
	1D IN A		127.0.0.1
------------------------------------------

/var/lib/named/example.net/named.local:
---------------------------------------
$TTL	86400
@	IN SOA		localhost. root.localhost. (
			2		; serial
			28800		; refresh
			14400		; retry
			3600000		; expire
			86400 )		; minimum
	IN	NS	localhost.
1	IN	PTR	localhost.
---------------------------------------

/etc/named.conf:
----------------
options {
    directory "/var/lib/named";

    allow-query { 192.168.0.0/24; localhost; };
    allow-recursion { 192.168.0.0/24; localhost; };

    tkey-gssapi-keytab "/var/lib/samba/private/dns.keytab";
};

zone "." IN {
    type hint;
    file "example.net/named.root";
};

zone "localhost" IN {
    type master;
    file "example.net/localhost.zone";
    notify no;
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "example.net/named.local";
    notify no;
    allow-update { none; };
};

include "/var/lib/samba/private/named.conf";
----------------


DOMAIN MEMBER:
==============
/etc/samba/smb.conf:
--------------------
[global]
    realm = EXAMPLE.NET
    workgroup = EXAMPLE
    security = ADS
    encrypt passwords = yes

    idmap config *:backend = tdb
    idmap config *:range = 3000-7999

    idmap config EXAMPLE:backend = rid
    idmap config EXAMPLE:schema_mode = rfc2307
    idmap config EXAMPLE:range = 70001-80000
    idmap config EXAMPLE:unix_nss_info = yes
    idmap config EXAMPLE:unix_primary_group = yes

    template shell = /bin/bash
    template homedir = /home/%U

    winbind use default domain = yes

    winbind enum users = yes
    winbind enum groups = yes
    winbind nested groups = yes

    winbind refresh tickets = yes
    winbind offline logon = yes

    kerberos method = secrets and keytab

    client use spnego = yes

#    usershare path = /var/lib/samba/usershares
#    usershare max shares = 10
#    usershare allow guests = yes
#    usershare owner only = yes

[homes]
    comment = Home Directories
    browseable = no
    writable = yes

[printers]
    comment = All Printers
    path = /var/spool/samba
    browseable = no
    guest ok = no
    writable = no
    printable = yes
--------------------

/etc/nsswitch.conf:
-------------------
passwd:		compat winbind
group:		compat winbind

hosts:		files dns wins
networks:	files

services:	files
protocols:	files
rpc:		files
ethers:		files
netmasks:	files
netgroup:	files
bootparams:	files

automount:	files
aliases:	files
-------------------

/etc/pam.d/system-auth:
-----------------------
auth		[success=1 default=ignore]				pam_localuser.so
auth		[success=done new_authtok_reqd=done default=die]	pam_winbind.so
auth		required						pam_unix.so

account		[success=1 default=ignore]				pam_localuser.so
account		[success=done new_authtok_reqd=done default=die]	pam_winbind.so
account		required						pam_unix.so

session		[success=1 default=ignore]				pam_localuser.so
session		[success=done new_authtok_reqd=done default=die]	pam_winbind.so
session		required						pam_unix.so

password	[success=1 default=ignore]				pam_localuser.so
password	[success=done new_authtok_reqd=done default=die]	pam_winbind.so
password	required						pam_unix.so
-----------------------

/etc/security/pam_winbind.conf
------------------------------
[global]
    cached_login = yes
    krb5_auth = yes
    krb5_ccache_type = FILE
------------------------------

/etc/security/group.conf
------------------------
*;*;%domain users;Al0000-2400;lp,floppy,audio,video,cdrom,input,plugdev,power,netdev,scanner,users
------------------------

/etc/krb5.conf:
---------------
[libdefaults]
    default_realm    = EXAMPLE.NET
    dns_lookup_realm = false
    dns_lookup_kdc   = true

[logging]
    default          = SYSLOG:NOTICE

[plugins]
    localauth = {
	module = winbind:winbind/winbind_krb5_localauth.so
	enable_only = winbind
    }
---------------

/etc/default/samba:
-------------------
#START_SAMBA_DC=yes
#SAMBA_DC_OPTS="-D"
START_WINBINDD=yes
WINBINDD_OPTS="-D"
START_SMBD=yes
SMBD_OPTS="-D"
START_NMBD=yes
NMBD_OPTS="-D"
-------------------

/etc/resolv.conf:
-----------------
search example.net
nameserver <dc.ip.address>
-----------------

DHCPCD hook to update Samba AD DC DNS:
--------------------------------------
if $if_up; then
    net ads dns register -P
fi
--------------------------------------

/etc/sudoers.d/administrator:
-----------------------------
%administrator ALL=(ALL) NOPASSWD: ALL
-----------------------------

net ads join -U administrator

net ads keytab create -U administrator


SSH SSO:
========
/etc/ssh/sshd_config:
---------------------
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
---------------------

/etc/ssh/ssh_config:
--------------------
GSSAPIAuthentication yes
--------------------


SSH PAM:
========
/etc/ssh/sshd_config:
---------------------
UsePAM yes
ChallengeResponseAuthentication no
PrintMotd no
PrintLastLog no
---------------------


SELF SIGNED CERTIFICATE:
========================
openssl req -new -x509 -nodes -subj "/CN=$(hostname -f)" -days 365 -out server.crt -keyout server.key
chmod 400 server.key
chmod 444 server.crt


HTTP SSO:
=========
keytab:
-------
net ads keytab add_update_ads HTTP -U administrator
setfacl -m u:apache:r /etc/krb5.keytab

CNAME:
------
samba-tool dns add dc.example.net example.net www CNAME srv.example.net -U administrator

/etc/httpd/httpd.conf:
----------------------
--- httpd.conf.orig
+++ httpd.conf
@@ -92 +92 @@
-#LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
+LoadModule socache_shmcb_module lib64/httpd/modules/mod_socache_shmcb.so
@@ -147 +147 @@
-#LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
+LoadModule ssl_module lib64/httpd/modules/mod_ssl.so
@@ -209 +209 @@
-ServerAdmin you@example.com
+ServerAdmin administrator@example.net
@@ -218 +218 @@
-#ServerName www.example.com:80
+ServerName www.example.net:80
@@ -518 +518 @@
-#Include /etc/httpd/extra/httpd-ssl.conf
+Include /etc/httpd/extra/httpd-ssl.conf
@@ -538,0 +539,11 @@
+#
+# Needs a HTTP principal and readable keytab
+#
+LoadModule auth_kerb_module lib64/httpd/modules/mod_auth_kerb.so
+<Directory /srv/httpd/htdocs>
+    AuthType      Kerberos
+    AuthName      "Kerberos Login"
+    Krb5Keytab    /etc/krb5.keytab
+    KrbAuthRealms EXAMPLE.NET
+    Require       valid-user
+</Directory>
----------------------

Firefox:
--------
about:config -> network.negotiate-auth.trusted-uris = https://www.example.net


IMAP AND SMTP SSO:
==================
keytab:
-------
net ads keytab add_update_ads imap -U administrator
net ads keytab add_update_ads smtp -U administrator
setfacl -m u:dovecot:r /etc/krb5.keytab

CNAME:
------
samba-tool dns add dc.example.net example.net imap CNAME srv.example.net -U administrator
samba-tool dns add dc.example.net example.net smtp CNAME srv.example.net -U administrator

/etc/dovecot/dovecot.conf:
--------------------------
protocols = imap
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}

disable_plaintext_auth = yes
auth_mechanisms = plain login gssapi

passdb {
  driver = pam
}
userdb {
  driver = passwd
}

log_path = syslog
syslog_facility = mail

mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u
#mail_location = maildir:~/Maildir

ssl_cert = </etc/dovecot/server.crt
ssl_key =  </etc/dovecot/server.key

service auth {
  unix_listener /var/spool/postfix/private/auth {
    mode = 0660
    user = postfix
    group = postfix
  }
}
--------------------------

/etc/postfix/main.cf:
---------------------
--- main.cf.orig
+++ main.cf
@@ -678,0 +679,6 @@
+
+smtpd_tls_cert_file = /etc/postfix/server.crt
+smtpd_tls_key_file = /etc/postfix/server.key
+smtpd_use_tls = yes
+smtpd_sasl_type = dovecot
+smtpd_sasl_path = private/auth
---------------------

/etc/postfix/master.cf:
-----------------------
--- master.cf.orig
+++ master.cf
@@ -17,4 +17,4 @@
-#submission inet n       -       n       -       -       smtpd
-#  -o syslog_name=postfix/submission
-#  -o smtpd_tls_security_level=encrypt
-#  -o smtpd_sasl_auth_enable=yes
+submission inet n       -       n       -       -       smtpd
+  -o syslog_name=postfix/submission
+  -o smtpd_tls_security_level=encrypt
+  -o smtpd_sasl_auth_enable=yes
@@ -29,4 +29,4 @@
-#smtps     inet  n       -       n       -       -       smtpd
-#  -o syslog_name=postfix/smtps
-#  -o smtpd_tls_wrappermode=yes
-#  -o smtpd_sasl_auth_enable=yes
+smtps     inet  n       -       n       -       -       smtpd
+  -o syslog_name=postfix/smtps
+  -o smtpd_tls_wrappermode=yes
+  -o smtpd_sasl_auth_enable=yes
-----------------------

Test GSSAPI:
------------
mailx -S ssl-verify=ignore -S folder=imaps://administrator@srv.example.net -S imap-auth=gssapi

Test PAM:
---------
mailx -S ssl-verify=ignore -S folder=imaps://administrator@srv.example.net -S imap-auth=login


NFSv4 WITH KRB5 SECURITY:
=========================
Server:
-------
keytab:
-------
net ads keytab add_update_ads nfs -U administrator

/etc/default/rpc:
-----------------
NFSv4=yes
SECURE_NFS=yes
-----------------

/etc/exports:
-------------
# This file contains a list of all directories exported to other computers.

# The exported folder has to be bind mounted in /export
# mkdir -p /export/home
# mount --bind /home /export/home

# 'fsid=0'           designates this path as the nfs4 root
# 'crossmnt'         is necessary to properly expose the paths
# 'no_subtree_check' is specified to get rid of warning messages about the
#                    default value changing. This is the default value

# Security:
# sys:   None
# krb5:  Use Kerberos for authentication only.
# krb5i: Use Kerberos for authentication, and include a hash with each
#        transaction to ensure integrity. Traffic can still be intercepted
#        and examined, but modifications to the traffic will be apparent.
# krb5p: Use Kerberos for authentication, and encrypt all traffic between 
#        the client and server. This is the most secure, but also incurs
#        the most load.


/export		192.168.0.0/24(fsid=0,rw,async,sec=sys:krb5:krb5i:krb5p,no_subtree_check,crossmnt)
/export/home	192.168.0.0/24(rw,async,sec=sys:krb5:krb5i:krb5p,no_subtree_check)
-------------

Client:
-------
keytab:
-------
net ads keytab add_update_ads nfs -U administrator

/etc/default/rpc:
-----------------
NFSv4=yes
SECURE_NFS=yes
-----------------

/etc/fstab:
-----------
srv.example.net:/home  /home  nfs  sec=krb5  0  0
-----------

Test:
-----
mount -t nfs -o sec=krb5 srv.example.net:/home /mnt/tmp


CIFS WITH KRB5 SECURITY:
========================
Client:
-------
chmod u+s /sbin/mount.cifs

/etc/fstab:
-----------
//srv/share  /mnt/srv/share  cifs  noauto,user,sec=krb5  0  0
-----------


CUPS SSO:
=========
keytab:
-------
net ads keytab add_update_ads HTTP -U administrator

/etc/cups/cupsd.conf:
---------------------
--- cupsd.conf.default
+++ cupsd.conf
@@ -8,43 +8,47 @@
 LogLevel warn
 PageLogFormat
 
 # Only listen for connections from the local machine.
-Listen localhost:631
+Port 631
 Listen /var/run/cups/cups.sock
 
 # Show shared printers on the local network.
 Browsing On
 BrowseLocalProtocols 
 
 # Default authentication type, when authentication is required...
-DefaultAuthType Basic
+DefaultAuthType Negotiate
 
 # Web interface setting...
 WebInterface Yes
 
 # Restrict access to the server...
 <Location />
   Order allow,deny
+  Allow @LOCAL
 </Location>
 
 # Restrict access to the admin pages...
 <Location /admin>
   Order allow,deny
+  Allow @LOCAL
 </Location>
 
 # Restrict access to configuration files...
 <Location /admin/conf>
   AuthType Default
   Require user @SYSTEM
   Order allow,deny
+  Allow @LOCAL
 </Location>
 
 # Restrict access to log files...
 <Location /admin/log>
   AuthType Default
   Require user @SYSTEM
   Order allow,deny
+  Allow @LOCAL
 </Location>
 
 # Set the default printer/job policies...
 <Policy default>
---------------------

/etc/cups/cups-files.conf:
--------------------------
--- cups-files.conf.default
+++ cups-files.conf
@@ -17,5 +17,5 @@
 # Administrator user group, used to match @SYSTEM in cupsd.conf policy rules...
 # This cannot contain the Group value for security reasons...
-SystemGroup sys root
+SystemGroup administrator root
--------------------------

smbspool wrapper:
-----------------
ln -sf /usr/libexec/samba/smbspool_krb5_wrapper /usr/lib64/cups/backend/smb

Printer URI:
------------
smb://srv.example.net/printer


DDNS:
=====
rndc-confgen -a

rndc-confgen -a -k DDNS_UPDATE -c /etc/ddns.key

mkdir -p /var/lib/named/example.net
wget -O - http://www.internic.net/domain/named.root > /var/lib/named/example.net/named.root

/var/lib/named/example.net/localhost.zone:
------------------------------------------
$TTL	86400
$ORIGIN localhost.
@	1D IN SOA	@ root (
			1		; serial
			3H		; refresh
			15M		; retry
			1W		; expiry
			1D )		; minimum
	1D IN NS	@
	1D IN A		127.0.0.1
------------------------------------------

/var/lib/named/example.net/named.local:
---------------------------------------
$TTL	86400
@	IN SOA		localhost. root.localhost. (
			2		; serial
			28800		; refresh
			14400		; retry
			3600000		; expire
			86400 )		; minimum
	IN	NS	localhost.
1	IN	PTR	localhost.
---------------------------------------

/var/lib/named/example.net/example.net.zone:
--------------------------------------------
$TTL	1D
$ORIGIN example.net.
@	1D	IN	SOA	ns.example.net. postmaster.example.net. (
				    1  ; serial
				    3H ; refresh
				    15 ; retry
				    1W ; expire
				    3H ; minimum
				)
		IN	NS	ns
		IN	MX 10	mail
@		IN	A	192.168.10.1
gw		IN	A	192.168.10.1
ns		IN	A	192.168.10.2
mail		IN	A	192.168.10.3
dc		IN	CNAME	ns
ldap		IN	CNAME	ns
ntp		IN	CNAME	ns
smtp		IN	CNAME	mail
imap		IN	CNAME	mail
pop		IN	CNAME	mail
www		IN	CNAME	mail
nfs		IN	CNAME	mail
ftp		IN	CNAME	mail
--------------------------------------------

/var/lib/named/example.net/example.net.reverse:
-----------------------------------------------
$TTL	1D
$ORIGIN 10.168.192.in-addr.arpa.
@	IN	SOA	ns.example.net. postmaster.example.net. (
			    1  ; serial
			    3H ; refresh
			    15 ; retry
			    1W ; expire
			    3H ; minimum
			)
		NS	ns.example.net.
1		PTR	gw.example.net.
2		PTR	ns.example.net.
3		PTR	mail.example.net.
-----------------------------------------------

/etc/named.conf:
----------------
options {
    directory "/var/lib/named";
    allow-query { 192.168.10.0/24; localhost; };
    allow-recursion { 192.168.10.0/24; localhost; };
};

include "/etc/ddns.key";

zone "." IN {
    type hint;
    file "example.net/named.root";
};

zone "localhost" IN {
    type master;
    file "example.net/localhost.zone";
    notify no;
    allow-update { none; };
};

zone "0.0.127.in-addr.arpa" IN {
    type master;
    file "example.net/named.local";
    notify no;
    allow-update { none; };
};

zone "example.net" IN {
    type master;
    file "example.net/example.net.zone";
    notify no;
    allow-update { key DDNS_UPDATE; };
};

zone "10.168.192.in-addr.arpa" IN {
    type master;
    file "example.net/example.net.reverse";
    notify no;
    allow-update { key DDNS_UPDATE; };
};
----------------

/etc/dhcpd.conf:
----------------
authoritative;
option domain-name "example.net";
option domain-name-servers ns.example.net;

ddns-updates on;
ddns-update-style interim;
ignore client-updates;
update-static-leases on;

default-lease-time 600;
max-lease-time 7200;
log-facility local7;

include "/etc/ddns.key";

zone example.net. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

zone 10.168.192.in-addr.arpa. {
  primary 127.0.0.1;
  key DDNS_UPDATE;
}

subnet 192.168.10.0 netmask 255.255.255.0 {
  range 192.168.10.100 192.168.10.200;
  option routers 192.168.10.1;
}
----------------

echo /usr/sbin/dhcpd >> /etc/rc.d/rc.local
 
Old 02-12-2020, 11:54 AM   #2
avian
Member
 
Registered: Aug 2014
Posts: 31

Rep: Reputation: Disabled
Looks very useful, something I think I'll be referring to when slackpkg tells me about all the wonderful .new config files from PAM changes in the coming weeks.

Also thanks for all your hard PAM work in the past!
 
Old 02-12-2020, 09:48 PM   #3
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,721

Rep: Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067
Too bad you can't upvote the first post in a thread.

Thank you @ivandi for sharing this.
 
Old 02-12-2020, 10:01 PM   #4
montagdude
Senior Member
 
Registered: Apr 2016
Distribution: Slackware
Posts: 1,794

Rep: Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379Reputation: 1379
Thank you, and good to see you back.
 
Old 02-13-2020, 07:59 AM   #5
ivandi
Member
 
Registered: Jul 2009
Location: Québec, Canada
Distribution: CRUX, Debian
Posts: 508

Original Poster
Rep: Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844Reputation: 844
IMHO the big system-auth is a bad idea. I quickly spotted some duplications with other services. It also makes difficult switching different authentication methods with different password/login policies.

Also why every service that does session management should try to open gnome keyring.



Cheers
 
2 members found this post helpful.
Old 02-13-2020, 03:59 PM   #6
abga
Senior Member
 
Registered: Jul 2017
Location: EU
Distribution: Slackware
Posts: 1,633

Rep: Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924Reputation: 924
Well, I just removed ivandi from my ignore list. Still, one click away to revert it if ivandi turns back into Ivan the Terrible

@ivandi
Thanks for sharing this.
 
Old 02-13-2020, 04:40 PM   #7
upnort
Senior Member
 
Registered: Oct 2014
Distribution: Slackware, Proxmox, Debian, CentOS
Posts: 1,678

Rep: Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007Reputation: 1007
Quote:
Still, one click away to revert it if ivandi turns back into Ivan the Terrible
ivandi wanted basic enterprise authentication. That happened. Perhaps ivandi now will be Ivan the Calm.

Pat was a helluva good sport about his criticisms and methods too. That's why he is the BDFL with emphasis on the B.
 
2 members found this post helpful.
Old 02-13-2020, 04:48 PM   #8
bifferos
Member
 
Registered: Jul 2009
Posts: 372

Rep: Reputation: 136Reputation: 136
Quote:
Originally Posted by Richard Cranium View Post
Too bad you can't upvote the first post in a thread.
Indeed. You could rate the thread instead I suppose.
 
Old 02-13-2020, 11:29 PM   #9
bassmadrigal
LQ Guru
 
Registered: Nov 2003
Location: West Jordan, UT, USA
Distribution: Slackware
Posts: 7,388

Rep: Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082Reputation: 5082
Quote:
Originally Posted by Richard Cranium View Post
Too bad you can't upvote the first post in a thread.

Thank you @ivandi for sharing this.
While you can't mark the thread as "helpful" for the initial post, if you click the little scale next to the OS indicator and online/offline penguin, it will still add to their reputation points.
 
7 members found this post helpful.
Old 02-14-2020, 04:37 AM   #10
kjhambrick
Senior Member
 
Registered: Jul 2005
Location: Round Rock, TX
Distribution: Slackware64 14.2 + Multilib
Posts: 1,484

Rep: Reputation: 921Reputation: 921Reputation: 921Reputation: 921Reputation: 921Reputation: 921Reputation: 921Reputation: 921
Thank you for all your work on this ivandi ( and vbatts too ) !

I've been crazy busy at work for the past year but I still lurk on LQ when time permits.

I should add that I still run a Slackware 14.2 DC / File Server at home following your spamware programs and recipes.

It's run great for over two years now !

-- kjh

Last edited by kjhambrick; 02-14-2020 at 04:43 AM. Reason: add spamware
 
3 members found this post helpful.
Old 02-14-2020, 10:26 AM   #11
chrisretusn
Senior Member
 
Registered: Dec 2005
Location: Philippines
Distribution: Slackware64-current
Posts: 1,322

Rep: Reputation: 564Reputation: 564Reputation: 564Reputation: 564Reputation: 564Reputation: 564
So far, so good, pam applied both with slackware64-current and ktown. Nothing sticking yet. Time to learn new things.
 
Old 02-14-2020, 10:30 AM   #12
cwizardone
LQ Guru
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 5,950
Blog Entries: 1

Rep: Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241
Quote:
Originally Posted by chrisretusn View Post
So far, so good, pam applied both with slackware64-current and ktown. Nothing sticking yet. Time to learn new things.
Ditto.
Completely transparent.
(OTOH, KDE5 is just plain bone ugly )
 
Old 02-14-2020, 01:02 PM   #13
Alien Bob
Slackware Contributor
 
Registered: Sep 2005
Location: Eindhoven, The Netherlands
Distribution: Slackware
Posts: 8,178

Rep: Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101Reputation: 7101
Quote:
Originally Posted by cwizardone View Post
(OTOH, KDE5 is just plain bone ugly )
How funny, I feel exactly the opposite...
 
5 members found this post helpful.
Old 02-14-2020, 01:14 PM   #14
cwizardone
LQ Guru
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 5,950
Blog Entries: 1

Rep: Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241Reputation: 3241
Whatever floats your boat, as they say.
 
Old 02-14-2020, 03:36 PM   #15
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.2
Posts: 3,721

Rep: Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067Reputation: 2067
Quote:
Originally Posted by bassmadrigal View Post
While you can't mark the thread as "helpful" for the initial post, if you click the little scale next to the OS indicator and online/offline penguin, it will still add to their reputation points.
I just did that very thing. Thanks for the tip! (You get an upvote too.)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
PAM Kerberos and ADS for Slackware-current - Call for testing ivandi Slackware 95 08-05-2015 10:46 PM
/etc/pam.d/system-auth-ac vs. /etc/pam.d/password-auth-ac vs. /etc/pam.d/sshd christr Red Hat 2 08-01-2014 07:08 PM
PAM module:passwd:- how many character validate by pam library amit_pansuria Linux - General 3 10-21-2008 01:19 AM
vsftpd + pam + virtual users - Pam cannot load database file. mdkelly069 Linux - Networking 3 09-22-2004 11:07 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 06:52 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration