Difference between revisions of "PAM"

From Nuclear Physics Group Documentation Pages
Line 2: Line 2:
 
== Remote Access Control ==
 
== Remote Access Control ==
 
''/etc/pam.d/sshd'' contains <code>account    required    pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine.
 
''/etc/pam.d/sshd'' contains <code>account    required    pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine.
 +
 +
''/etc/pam.d/system-suth'' contains
 +
<code>
 +
auth        sufficient    pam_ldap.so use_first_pass<br/>
 +
account    required      pam_unix.so broken_shadow
 +
account    [default=bad success=ok user_unknown=ignore] pam_ldap.so
 +
password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
 +
password    sufficient    pam_ldap.so use_authtok
 +
session    optional      pam_ldap.so
 +
</code>
  
 
Chart of what groups can log onto what machines:
 
Chart of what groups can log onto what machines:
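
Review bot: the file name in the first added line, `/etc/pam.d/system-suth`, looks like a typo for `system-auth` and should be corrected before this revision is relied on. Within the added `<code>` block only the `auth` line ends in `<br/>`, so the `account`, `password` and `session` lines will render run together on one line; add a break after each or use a preformatted block. The added stack also arrives without a sentence saying what it is meant to achieve (for example why `nullok` and `broken_shadow` are set), which would help whoever edits the file next.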

Revision as of 19:06, 24 October 2009

"Pluggable Authentication Module." Programs that are aware of PAM use the modules defined in the PAM configuration files for making authentication/access decisions.

Remote Access Control

/etc/pam.d/sshd contains account required pam_access.so.
/etc/security/access.conf contains the rules for who can log into the machine.

/etc/pam.d/system-auth contains

    auth        sufficient    pam_ldap.so use_first_pass
    account     required      pam_unix.so broken_shadow
    account     [default=bad success=ok user_unknown=ignore] pam_ldap.so
    password    sufficient    pam_unix.so sha512 shadow nullok try_first_pass use_authtok
    password    sufficient    pam_ldap.so use_authtok
    session     optional      pam_ldap.so

Chart of what groups can log onto what machines:

name      restricted by access.conf  no group  npg  farm  domain_admins  splunker
einstein  no                         yes       yes  yes   yes
lentil    no                         yes       yes  yes   yes
gourd     yes                        no        yes  no    yes
roentgen  yes                        no        yes  no    yes
taro      yes                        no        no   yes   yes
pepper    yes                        no        no   yes   yes
jalapeno  yes                        no        no   no    yes            yes
tomato    yes                        no        yes  no    yes
okra      yes                        no        yes  no    yes
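
One way to check a host's access.conf against the chart above, as an added example that is not part of the original page: it evaluates a simplified subset of pam_access rules (first matching rule decides, no match means access is granted) and reports which of the chart's groups can log in. The sample rules and the user name `testuser` are constructed; it assumes the origins field is always `ALL`, that bare tokens are user names only (the module's `nodefgroup` behaviour), and that groups are written as `(group)`.

```python
# Added example: evaluates a simplified subset of access.conf (pam_access) rules.
# Assumptions: origins field is always ALL; bare tokens are user names only
# (pam_access "nodefgroup" behaviour); "(name)" is a group; no EXCEPT, no netgroups.

# Constructed sample rules for a restricted host (not the group's real file).
RESTRICTED = """\
# permission : users/groups : origins
+ : (npg) (domain_admins) : ALL
- : ALL : ALL
"""

def parse_rules(text):
    """Return [(permission, [tokens])] in file order, skipping comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        perm, who, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-") or origins != "ALL":
            raise ValueError(f"rule not supported by this example: {raw!r}")
        rules.append((perm, who.split()))
    return rules

def token_matches(token, user, groups):
    if token == "ALL":
        return True
    if token.startswith("(") and token.endswith(")"):
        return token[1:-1] in groups          # "(group)" entry
    return token == user                      # bare token: user name

def login_allowed(rules, user, groups):
    """First matching rule decides; if none matches, pam_access grants access."""
    for perm, tokens in rules:
        if any(token_matches(t, user, groups) for t in tokens):
            return perm == "+"
    return True

def chart_row(conf_text, chart_groups=("npg", "farm", "domain_admins")):
    """Effective 'can log in' answer per group, for comparison with the chart."""
    rules = parse_rules(conf_text)
    row = {"no group": login_allowed(rules, "testuser", set())}
    for g in chart_groups:
        row[g] = login_allowed(rules, "testuser", {g})
    return row

if __name__ == "__main__":
    print(chart_row(RESTRICTED))   # restricted host, like the gourd row
    print(chart_row(""))           # empty file: every login is allowed
```

The empty-file case is the one to watch for: without a closing `- : ALL : ALL` rule, pam_access lets through every account that no earlier rule matched.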

Users in NPG

  • adams
  • adrian
  • bm
  • bogdan
  • dabagian
  • dawson
  • edh
  • gavalian
  • hersman
  • hz5w
  • iimothys
  • iulian
  • jhh
  • johnk
  • jrc
  • karpiusp
  • ketel
  • lzana
  • maurik
  • mmason
  • muradian
  • nenchev
  • octavian
  • pjb
  • protopop
  • sgarman
  • shepard
  • silas
  • wzm
  • crowlebw
  • hovanes
  • cglynn
  • wporter
  • jketel
  • ntadmin
  • domain_admin
  • bradford
  • momi
  • mccoyst
  • minuti
  • dal
  • bbobbin
  • ndelete
  • kyle
  • jishnu
  • dan
  • junnarkar
  • sam
  • steve
  • karpiustest
  • sarahp

External Links

pam_access PAM module document