PAM
"Pluggable Authentication Module." Programs that are aware of PAM use the modules defined in the PAM configuration files for making authentication/access decisions.
Remote Access Control
/etc/pam.d/sshd contains account required pam_access.so.
/etc/security/access.conf contains the rules for who can log into the machine.
/etc/pam.d/system-suth
Should contain these lines otherwise ssh among other service will not authenticate to einstein.
auth sufficient pam_ldap.so use_first_pass
account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so
Chart of what groups can log onto what machines:
| name | restricted by access.conf | no group | npg | farm | domain_admins | splunker |
|---|---|---|---|---|---|---|
| einstein | no | yes | yes | yes | yes | |
| lentil | no | yes | yes | yes | yes | |
| gourd | yes | no | yes | no | yes | |
| roentgen | yes | no | yes | no | yes | |
| taro | yes | no | no | yes | yes | |
| pepper | yes | no | no | yes | yes | |
| jalapeno | yes | no | no | no | yes | yes |
| tomato | yes | no | yes | no | yes | |
| okra | yes | no | yes | no | yes |
Users in NPG
- adams
- adrian
- aduston
- bm
- bogdan
- dabagian
- dawson
- edh
- gavalian
- hersman
- hz5w
- iimothys
- iulian
- jhh
- johnk
- jrc
- karpiusp
- ketel
- lzana
- maurik
- mmason
- muradian
- nenchev
- octavian
- pjb
- protopop
- sgarman
- shepard
- silas
- wzm
- crowlebw
- hovanes
- cglynn
- wporter
- jketel
- ntadmin
- domain_admin
- bradford
- momi
- mccoyst
- minuti
- dal
- bbobbin
- ndelete
- kyle
- jishnu
- dan
- junnarkar
- sam
- steve
- karpiustest
- sarahp
