Questions tagged [pam]
Pluggable Authentication Modules handle authentication tasks of applications or services running on the system.
664
questions
1
vote
0
answers
19
views
Update password-auth Using Ansible
I would like to update /etc/pam.d/password-auth using Ansible to have the following line (or a similar one with the remember=5 argument added)
password requisite pam_pwhistory.so remember=5
If a ...
0
votes
2
answers
36
views
How do I get linux flavors, like Fedora, RHEL, Amazon Linux, and others that don't update motd on login to do so?
I am trying to get my Amazon Linux 2023 server to update the MOTD on login, not on a timer or by fiddling with the profile. I want a clean experience for users whether they re-exec their shell, or ...
2
votes
0
answers
24
views
Successor of pam_tally2
I am using pam_tally2 for some time to count failed logins.
/etc/pam.d/common-auth
auth optional pam_tally2.so onerr=succeed audit debug
I had integrated it into pam and when I needed the ...
0
votes
1
answer
40
views
Does updating password policy using PAM force existing users to change their password in the next login?
I plan to configure PAM config files on a SUSE server with the rule below:
Current rule is:
password required pam_cracklib.so dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0 minlen=9
Rule after change ...
0
votes
0
answers
39
views
How to setup PAM fprint grosshack with GDM?
I was following the login configurations of fprint - ArchWiki, and I wanted to use pam-fprint-grosshack with GDM.
I couldn't find any information about it, because the wiki says at the beginning of ...
0
votes
1
answer
47
views
centos7 cron job pam_limit invalid line hard nproc skipped
I am getting the error:
May 29 19:15:02 vps3.domain.com crond[19846]: pam_limits(crond:session): invalid line 'user3 hard nproc ' - skipped
May 29 19:15:02 vps3.domain.com crond[19846]: pam_limits(...
0
votes
1
answer
48
views
How does the credit system work in pam_pwquality?
Something has been really bugging me in he manual for the pam module pwquality (see man pwquality.conf).
I quote:
minlen
Minimum acceptable size for the new password (plus one if ...
2
votes
1
answer
85
views
How to require manual approval for ssh logins
I would like to require a manual approval (by means of physical access, like GUI or framebuffer console) from the device being ssh'd to before letting in any connections. Presumably it would need to ...
1
vote
0
answers
50
views
Adding extra PAM modules on yocto
I'm new to yocto, I'm trying to add the 'pwquality' pam module to the image but I'm struggling with it, initially I have added this line to the local.conf file:
DISTRO_FEATURES:append = " pam&...
2
votes
1
answer
122
views
How to config SSH authentication with all 3 components: publickey, password and OTP
Update 1: I'm able to apply all publickey + password + OTP with this basic config in /etc/pam.d/common-auth.
auth [success=ok] pam_unix.so
auth [success=1] pam_google_authenticator.so nullok ...
0
votes
0
answers
98
views
How to change the timeout between incorrect password attempts in SDDM?
When entering a password, either in terminal or on login screen (in my case SDDM), the default timeout between incorrect attempts is around 2 or 3 seconds. I want to change it to something lower as I ...
1
vote
1
answer
213
views
Why is pam_unix.so set "required" even when LDAP is enabled?
On my Rocky Linux 9.3 machine, LDAP authentication is enabled by authselect and is working fine. I can ssh into this machine by both local accounts and LDAP-only accounts. However, my /etc/pam.d/...
0
votes
0
answers
48
views
Need password authentication while runing "systemctl stop .service"
I am looking for a way to add one more password authentication to run
systemctl stop abc.service
via root access.
I am using Rocky Linux.
I have no idea if it is even possible. Please help.
0
votes
0
answers
29
views
Override PAM module options
Is it possible to override PAM module options for a module that appeared earlier in the PAM stack?
For example, I have /etc/pam.d/sudo:
#%PAM-1.0
# Set up user limits from /etc/security/limits.conf.
...
0
votes
0
answers
13
views
ways to identify PAM prompts?
Is there a way to identify when PAM prompts on the terminal? something similar to sudo/doas which allows to set a prefix for all their messages, or override it entirely (e.g. env SUDO_PROMPT)