| View previous topic :: View next topic |
| Author |
Message |
zebbedi
Tux's lil' helper
Joined: 05 Sep 2003
Posts: 123
|
 Posted: Thu Apr 05, 2012 10:17 am Post subject: pam system-auth help |
 |
|
I'm struggling with my pam configuration. I need to be able to use local or active directory logins but also want to use ecryptfs. Trouble is by specifying 'sufficient' for either pam_unix or pam_winbind causes pam to exit with a successful login and not run pam_ecryptfs after it. I've tried using 'optional' and tried pam_permit but that then means i can either not login at all or can login even with an invalid password. I can't seem to be able to get the correct configuration. Can anyone please help?
| Code: |
auth required pam_env.so
auth sufficient pam_unix.so try_first_pass likeauth nullok
auth sufficient pam_winbind.so try_first_pass
auth required pam_ecryptfs.so unwrap
auth required pam_deny.so
|
|
|
| Back to top |
|
 |
zebbedi
Tux's lil' helper
Joined: 05 Sep 2003
Posts: 123
|
| Posted: Thu Apr 05, 2012 1:52 pm Post subject: |
|
|
I think i have solved this with the following:
| Code: | ## If pam_unix passes skip 2 positions over the pam_deny and then onto pam_ecryptfs.
## If pam_winbind passes skip 1 position over the pam_deny and then onto the pam_ecryptfs.
auth [success=2 new_authtok_reqd=done default=ignore] pam_unix.so try_first_pass likeauth nullok
auth [success=1 new_authtok_reqd=done default=ignore] pam_winbind.so try_first_pass
auth required pam_deny.so
auth required pam_ecryptfs.so unwrap
auth required pam_permit.so |
|
|
| Back to top |
|
|
|
Networking & Security
