Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.
Questions tagged [pam]
729 questions
43
votes
2 answers
Slow ssh login - Activation of org.freedesktop.login1 timed out
On one of my servers I've noticed really delay on SSH logins.
Connecting using the ssh -vvv options the delay occurs at debug1: Entering interactive session.
extract of connection:
debug1: Authentication succeeded (publickey).
Authenticated to…
Alasdair
- 551
- 1
- 4
- 7
40
votes
7 answers
Switch on PAM debugging to Syslog
How do I switch on PAM debugging in Debian Squeeze at the admin level?
I have checked every resource I was able to find. Google, manpages, whatever. The only thing I haven't tried yet (I simply not dare to, did I mention that I hate PAM?) is…
Tino
- 1,103
- 1
- 12
- 16
35
votes
6 answers
pam service(sshd) ignoring max retries
I have vps that I use to run a webserver on, it currently runs ubuntu server 12.04. Since a few weeks I keep getting a lot of errors in my ssh console.
2014 Apr 11 08:41:18 vps847 PAM service(sshd) ignoring max retries; 6 > 3
2014 Apr 11 08:41:21…
Jerodev
- 461
- 1
- 4
- 8
30
votes
7 answers
ssh: "Access denied by PAM account configuration" for one non-root user but not another
On a VM I am initializing I am able to log in as one non-root user (admin) but not another (tbbscraper) over SSH with public key authentication. The only error message I can find in any log file is
Sep 18 17:21:04 [REDACTED] sshd[18942]: fatal:…
zwol
- 1,305
- 2
- 12
- 22
30
votes
8 answers
Is there a command line two-factor authentication verification code generator?
I manage a server with two-factor authentication. I have to use the Google Authenticator iPhone app to get the 6-digit verification code to enter after entering the normal server password. The setup is described here:…
dan
- 787
- 2
- 8
- 11
26
votes
2 answers
Understand PAM and NSS
In the last days I have set up some Linux system with LDAP authentication and everything works fine, but there's still something I can't really understand regarding NSS and PAM, also after a lot of research.
Citing:
NSS allows administrators to…
ColOfAbRiX
- 980
- 2
- 11
- 22
24
votes
3 answers
What can be learned about a user from a failed SSH attempt?
What can be learned about a 'user' from a failed malicious SSH attempt?
User name entered (/var/log/secure)
Password entered (if configured, i.e. by using a PAM module)
Source IP address (/var/log/secure)
Are there any methods of extracting…
Exbi
- 373
- 2
- 6
24
votes
1 answer
Purpose Behind Disabling PAM in SSH
I'm setting up key based authentication for SSH on a new box, and was reading a few articles that mention setting UsePAM to no along with PasswordAuthentication.
My question is, what is the purpose of setting UsePAM to no if you already have…
tacotuesday
- 1,349
- 1
- 14
- 26
21
votes
5 answers
ulimit -n not changing - values limits.conf has no effect
I am trying to raise the open file descriptor maximum for all users on an ubuntu machine.
This question is somewhat of a follow up to this question.
open file descriptor limits.conf setting isn't read by ulimit even when pam_limits.so is…
Abbas Gadhia
- 323
- 1
- 3
- 10
18
votes
2 answers
How to use the ssh server with PAM but disallow password auth?
Many tutorials tell you to config your ssh server like this:
ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no
but with this setup you cannot use PAM, as i plan to use 2 Factor Auth with Google Authenticator (OTP Onetime…
c33s
- 1,465
- 3
- 20
- 39
18
votes
2 answers
open file descriptor limits.conf setting isn't read by ulimit even when pam_limits.so is required
I am trying to raise the open file descriptor maximum for all users on an ubuntu machine.
I've added the following lines to /etc/security/limits.conf:
* soft nofile 100000
* hard nofile …
bantic
- 1,469
- 3
- 14
- 17
18
votes
1 answer
How to authenticate Linux accounts against an Active Directory and mount a Windows share on login?
I'm using Ubuntu 10.04 Server.
Jamie
- 1,274
- 7
- 22
- 39
18
votes
2 answers
"success=n" control syntax in pam.conf / pam.d/* files
After sucessfully configuring Kerberos, this is what I've found in /etc/pam.d/common-auth file:
auth [success=2 default=ignore] pam_unix.so nullok_secure
auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE…
Jamie
- 1,274
- 7
- 22
- 39
16
votes
1 answer
Linux samba server: cifs_mount failed w/return code = -12
Server: RHEL 5.9 / smbd 3.0.33
- Clients: various, though all were using current mount.cifs (5.2)
I already solved this problem, but it was such a nightmare to hunt down these error codes I felt like it needed universal documenting.
Symptoms:…
zastard
- 163
- 1
- 5
15
votes
3 answers
How to fix a crontab access issue with a pam configuration error message?
I attempted to access my crontab as the non-root user "coins" when I encountered a permissions issue as shown in the following error message mentioning the pam configuration:
[coins@COINS-TEST ~]$ crontab -l
Authentication service cannot retrieve…
Raj
- 161
- 1
- 1
- 3