[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
question on authentication / null passwds
- From: "Eric Balsa" <eric activebuddy com>
- To: <pam-list redhat com>
- Subject: question on authentication / null passwds
- Date: Tue, 22 Jan 2002 12:40:09 -0800
Hello all,
I am currently using pam_securid to authenticate users using RSA's securid
keychain fobs. I have a problem: If a user has anything in their password
field in /etc/shadow, the authentication fails. I would like to have
password fields in /etc/shadow with legitimate passwords otherwise I get
unwanted side-effects like users being able to 'su' to any other user with
no password.
Currently, this is my /etc/pam.d/sshd file (ssh is the only way to login to
this machine)
#%PAM-1.0
auth required /lib/security/pam_securid.so
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth required /lib/security/pam_deny.so
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_limits.so
session optional /lib/security/pam_console.so
I would like to know what to take out of /etc/pam.d/sshd, system-auth or su
in order for me to authenticate with pam_securid (the only method I want
users to authenticate with), yet still have passwords
in the /etc/shadow file to prevent users from su-ing, etc.
Thanks for your help
--Eric
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
[]