Difference between revisions of "PAM"

From Nuclear Physics Group Documentation Pages
Line 3: Line 3:
 
''/etc/pam.d/sshd'' contains <code>account    required    pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine.
 
''/etc/pam.d/sshd'' contains <code>account    required    pam_access.so</code>.<br />''/etc/security/access.conf'' contains the rules for who can log into the machine.
  
''/etc/pam.d/system-suth'' contains<br/>
+
''/etc/pam.d/system-suth''<br/>
 +
Should contain these lines otherwise ssh among other service will not authenticate to einstein.<br/>
 
<code>
 
<code>
 
auth        sufficient    pam_ldap.so use_first_pass<br/>
 
auth        sufficient    pam_ldap.so use_first_pass<br/>
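Review bot: the file name on the changed line still reads system-suth in both revisions, which looks like a typo for system-auth; correct it while this line is being edited. The added sentence has no subject and mismatched number ("among other service"); something like "This file should contain the following lines; otherwise ssh and other services will not authenticate to einstein." reads more clearly.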

Revision as of 21:11, 24 October 2009

"Pluggable Authentication Module." Programs that are aware of PAM use the modules defined in the PAM configuration files for making authentication/access decisions.

Remote Access Control

/etc/pam.d/sshd contains account required pam_access.so.
/etc/security/access.conf contains the rules for who can log into the machine.

/etc/pam.d/system-auth
It should contain these lines; otherwise ssh, among other services, will not authenticate to einstein.
auth sufficient pam_ldap.so use_first_pass
account required pam_unix.so broken_shadow
account [default=bad success=ok user_unknown=ignore] pam_ldap.so
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password sufficient pam_ldap.so use_authtok
session optional pam_ldap.so

Chart of what groups can log onto what machines:

name      restricted by access.conf  no group  npg  farm  domain_admins  splunker
einstein  no                         yes       yes  yes   yes
lentil    no                         yes       yes  yes   yes
gourd     yes                        no        yes  no    yes
roentgen  yes                        no        yes  no    yes
taro      yes                        no        no   yes   yes
pepper    yes                        no        no   yes   yes
jalapeno  yes                        no        no   no    yes            yes
tomato    yes                        no        yes  no    yes
okra      yes                        no        yes  no    yes
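
As an added example (not taken from this wiki or from the machines' real configuration), the Python sketch below models how pam_access evaluates access.conf for a restricted machine: rules are read top to bottom, the first match decides, and a login that matches no rule is granted. The sample rules, the group memberships, the default origin name and the user names alice, bob and carol are constructed for illustration.

```python
# Simplified model of pam_access first-match evaluation (added example).
# Handles "+"/"-" rules, user names, (group) tokens, ALL and EXCEPT.
# Origins are matched only as ALL or an exact literal (assumption).

# Constructed access.conf for a restricted host whose chart row allows
# npg and domain_admins but not farm or users with no group.
RESTRICTED_CONF = """\
# constructed sample
+:(npg) (domain_admins):ALL
-:ALL:ALL
"""

# Constructed memberships; on a real host these come from NSS/LDAP.
GROUPS = {"npg": {"alice"}, "farm": {"bob"}, "domain_admins": {"carol"}}

def parse_rules(text):
    """Return a list of (allow, user_tokens, origin_tokens) in file order."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in {line!r}")
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def _list_match(tokens, matches):
    # "a b EXCEPT c" matches when a or b matches and c does not.
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        return (_list_match(tokens[:i], matches)
                and not _list_match(tokens[i + 1:], matches))
    return any(matches(tok) for tok in tokens)

def is_allowed(rules, user, origin="ssh-client.example", groups=GROUPS):
    def user_ok(tok):
        if tok.startswith("(") and tok.endswith(")"):
            return user in groups.get(tok[1:-1], set())
        return tok in ("ALL", user)
    def origin_ok(tok):
        return tok in ("ALL", origin)
    for allow, users, origins in rules:
        if _list_match(users, user_ok) and _list_match(origins, origin_ok):
            return allow   # first matching rule decides
    return True            # no rule matched: pam_access grants access
```

Running a proposed access.conf through a check like this before deploying it catches the two common mistakes: a missing final deny rule, which leaves the machine unrestricted, and a deny rule placed ahead of the allow rules, which locks everyone out.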

Users in NPG

  • adams
  • adrian
  • bm
  • bogdan
  • dabagian
  • dawson
  • edh
  • gavalian
  • hersman
  • hz5w
  • iimothys
  • iulian
  • jhh
  • johnk
  • jrc
  • karpiusp
  • ketel
  • lzana
  • maurik
  • mmason
  • muradian
  • nenchev
  • octavian
  • pjb
  • protopop
  • sgarman
  • shepard
  • silas
  • wzm
  • crowlebw
  • hovanes
  • cglynn
  • wporter
  • jketel
  • ntadmin
  • domain_admin
  • bradford
  • momi
  • mccoyst
  • minuti
  • dal
  • bbobbin
  • ndelete
  • kyle
  • jishnu
  • dan
  • junnarkar
  • sam
  • steve
  • karpiustest
  • sarahp

External Links

pam_access PAM module document