Questions tagged [pam]

Pluggable authentication modules, a flexible framework for configuring authentication, most commonly the login component of Linux systems, but used in other components and operating systems.

729 questions
43
votes
2 answers

Slow ssh login - Activation of org.freedesktop.login1 timed out

On one of my servers I've noticed a real delay on SSH logins. Connecting using the ssh -vvv options the delay occurs at debug1: Entering interactive session. extract of connection: debug1: Authentication succeeded (publickey). Authenticated to…
Alasdair
40
votes
7 answers

Switch on PAM debugging to Syslog

How do I switch on PAM debugging in Debian Squeeze at the admin level? I have checked every resource I was able to find. Google, manpages, whatever. The only thing I haven't tried yet (I simply do not dare to, did I mention that I hate PAM?) is…
Tino
35
votes
6 answers

pam service(sshd) ignoring max retries

I have a VPS that I use to run a webserver on, it currently runs Ubuntu Server 12.04. Since a few weeks I keep getting a lot of errors in my ssh console. 2014 Apr 11 08:41:18 vps847 PAM service(sshd) ignoring max retries; 6 > 3 2014 Apr 11 08:41:21…
Jerodev
30
votes
7 answers

ssh: "Access denied by PAM account configuration" for one non-root user but not another

On a VM I am initializing I am able to log in as one non-root user (admin) but not another (tbbscraper) over SSH with public key authentication. The only error message I can find in any log file is Sep 18 17:21:04 [REDACTED] sshd[18942]: fatal:…
zwol
30
votes
8 answers

Is there a command line two-factor authentication verification code generator?

I manage a server with two-factor authentication. I have to use the Google Authenticator iPhone app to get the 6-digit verification code to enter after entering the normal server password. The setup is described here:…
dan
26
votes
2 answers

Understand PAM and NSS

In the last days I have set up some Linux system with LDAP authentication and everything works fine, but there's still something I can't really understand regarding NSS and PAM, also after a lot of research. Citing: NSS allows administrators to…
ColOfAbRiX
24
votes
3 answers

What can be learned about a user from a failed SSH attempt?

What can be learned about a 'user' from a failed malicious SSH attempt? User name entered (/var/log/secure) Password entered (if configured, i.e. by using a PAM module) Source IP address (/var/log/secure) Are there any methods of extracting…
Exbi
24
votes
1 answer

Purpose Behind Disabling PAM in SSH

I'm setting up key based authentication for SSH on a new box, and was reading a few articles that mention setting UsePAM to no along with PasswordAuthentication. My question is, what is the purpose of setting UsePAM to no if you already have…
tacotuesday
21
votes
5 answers

ulimit -n not changing - values limits.conf has no effect

I am trying to raise the open file descriptor maximum for all users on an Ubuntu machine. This question is somewhat of a follow up to this question. open file descriptor limits.conf setting isn't read by ulimit even when pam_limits.so is…
Abbas Gadhia
18
votes
2 answers

How to use the ssh server with PAM but disallow password auth?

Many tutorials tell you to config your ssh server like this: ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no but with this setup you cannot use PAM, as I plan to use 2 Factor Auth with Google Authenticator (OTP Onetime…
c33s
18
votes
2 answers

open file descriptor limits.conf setting isn't read by ulimit even when pam_limits.so is required

I am trying to raise the open file descriptor maximum for all users on an Ubuntu machine. I've added the following lines to /etc/security/limits.conf: * soft nofile 100000 * hard nofile …
bantic
18
votes
2 answers

"success=n" control syntax in pam.conf / pam.d/* files

After successfully configuring Kerberos, this is what I've found in /etc/pam.d/common-auth file: auth [success=2 default=ignore] pam_unix.so nullok_secure auth [success=1 default=ignore] pam_winbind.so krb5_auth krb5_ccache_type=FILE…
Jamie
16
votes
1 answer

Linux samba server: cifs_mount failed w/return code = -12

Server: RHEL 5.9 / smbd 3.0.33 - Clients: various, though all were using current mount.cifs (5.2) I already solved this problem, but it was such a nightmare to hunt down these error codes I felt like it needed universal documenting. Symptoms:…
zastard
15
votes
3 answers

How to fix a crontab access issue with a pam configuration error message?

I attempted to access my crontab as the non-root user "coins" when I encountered a permissions issue as shown in the following error message mentioning the pam configuration: [coins@COINS-TEST ~]$ crontab -l Authentication service cannot retrieve…
Raj