[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: pam & winbindd

From: Kenneth Geisshirt <kenneth geisshirt dk>
To: Pluggable Authentication Modules <pam-list redhat com>
Subject: Re: pam & winbindd
Date: Thu, 19 Apr 2007 10:25:55 +0200

On Tue, 17 Apr 2007 12:04:37 +0200 Peter Huber <huber uni-wh de> wrote:

> Thanks for that hint. Can you show me your corresponding pam config
> files? I have still got some trouble here...

I didn't have a winbind example at home but I have work for limiting
rsh.

# PAM configuration for rsh (SLES 8)
auth     required  pam_rhosts_auth.so no_rhosts
auth     required  pam_nologin.so 
account  required  pam_access.so \
accessfile=/etc/security/rsh-access.conf

rsh-access.conf is (only members of the petromod group can use rsh
from either localhost or the ux0001 host):

# /etc/security/rsh-access.conf
# RSH access
# Last modified: 2005-08-11
#
+:petromod:localhost,ux0001
-:ALL:ALL

But the succeed_if module is also nice since you don't need a
configuration file:
# PAM configuration for rsh - /etc/pam.d/rsh
# SLES 9
auth     required  pam_rhosts_auth.so no_rhosts
auth     required  pam_nologin.so
auth     required  pam_succeed_if.so user ingroup petromod

The examples can also be found in my PAM book - see
http://www.packtpub.com/pluggable-authentication-modules/book

/kneth

-- 
Kenneth Geisshirt, Ph.D., M.Sc. - http://kenneth.geisshirt.dk/
"To infinity, and beyond!" -- Buzz Lightyear

Follow-Ups:
- Re: pam & winbindd
  - From: Peter Huber

References:
- pam & winbindd
  - From: Peter Huber
- Re: pam & winbindd
  - From: Kenneth Geisshirt
- Re: pam & winbindd
  - From: Peter Huber

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]