Difference between revisions of "PAM"
From Nuclear Physics Group Documentation Pages
Jump to navigationJump to searchLine 3: | Line 3: | ||
''/etc/pam.d/sshd'' contains <code>account required pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine. | ''/etc/pam.d/sshd'' contains <code>account required pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine. | ||
− | ''/etc/pam.d/system-suth'' contains | + | ''/etc/pam.d/system-suth'' contains<br/> |
<code> | <code> | ||
auth sufficient pam_ldap.so use_first_pass<br/> | auth sufficient pam_ldap.so use_first_pass<br/> | ||
− | account required pam_unix.so broken_shadow | + | account required pam_unix.so broken_shadow<br/> |
− | account [default=bad success=ok user_unknown=ignore] pam_ldap.so | + | account [default=bad success=ok user_unknown=ignore] pam_ldap.so<br/> |
− | password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok | + | password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok<br/> |
− | password sufficient pam_ldap.so use_authtok | + | password sufficient pam_ldap.so use_authtok<br/> |
− | session optional pam_ldap.so | + | session optional pam_ldap.so<br/> |
</code> | </code> | ||
Revision as of 21:10, 24 October 2009
"Pluggable Authentication Module." Programs that are aware of PAM use the modules defined in the PAM configuration files for making authentication/access decisions.
Remote Access Control
/etc/pam.d/sshd contains account required pam_access.so
.
/etc/security/access.conf contains the rules for who can log into the machine.
/etc/pam.d/system-suth contains
auth sufficient pam_ldap.so use_first_pass
account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
Chart of what groups can log onto what machines:
name | restricted by access.conf | no group | npg | farm | domain_admins | splunker |
---|---|---|---|---|---|---|
einstein | no | yes | yes | yes | yes | |
lentil | no | yes | yes | yes | yes | |
gourd | yes | no | yes | no | yes | |
roentgen | yes | no | yes | no | yes | |
taro | yes | no | no | yes | yes | |
pepper | yes | no | no | yes | yes | |
jalapeno | yes | no | no | no | yes | yes |
tomato | yes | no | yes | no | yes | |
okra | yes | no | yes | no | yes |
Users in NPG
- adams
- adrian
- bm
- bogdan
- dabagian
- dawson
- edh
- gavalian
- hersman
- hz5w
- iimothys
- iulian
- jhh
- johnk
- jrc
- karpiusp
- ketel
- lzana
- maurik
- mmason
- muradian
- nenchev
- octavian
- pjb
- protopop
- sgarman
- shepard
- silas
- wzm
- crowlebw
- hovanes
- cglynn
- wporter
- jketel
- ntadmin
- domain_admin
- bradford
- momi
- mccoyst
- minuti
- dal
- bbobbin
- ndelete
- kyle
- jishnu
- dan
- junnarkar
- sam
- steve
- karpiustest
- sarahp