Questions tagged [pam]

Pluggable Authentication Modules handle authentication tasks of applications or services running on the system.

636 questions
111 votes, 3 answers

Why is there a big delay after entering a wrong password?

I notice a weird (well, according to me) thing about passwords. For example, if I type an incorrect password during login, there will be a few seconds' delay before the system tells me so. When I try to sudo with a wrong password I would also have…
phunehehe
74 votes, 5 answers

Allow user1 to "su - user2" without password

I need to allow user martin to switch to user martin-test without password su - martin-test I think this can be configured in /etc/pam.d/su. There are already some lines in that file which can be uncommented. However, I don't like the idea of…
Martin Vegter
36 votes, 2 answers

How does one change the delay that occurs after entering an incorrect password?

After entering an incorrect password at a login prompt, there's an approximately 3-second delay. How can I change that on a Linux system with PAM?
Shawn J. Goff
33 votes, 2 answers

How do I force a user to change a password at the first time login using ssh?

I'm trying to force a newly created user to change a password at the first time login using ssh. For security reasons I want to give him a secure password until he logs in for the first time. I did the following so far: useradd -s /bin/bash -m -d…
JohnnyFromBF
28 votes, 4 answers

Why does sudo -i not set XDG_RUNTIME_DIR for the target user?

XDG_RUNTIME_DIR is necessary for systemctl --user to work. I have set up ubuntu server 16.04 to run systemd user sessions. Now, when trying to administer them, I find that when changing a user via sudo -u $user -i or even su - $user, the environment…
mkaito
25 votes, 2 answers

Effect of entries in /etc/securetty

By default on RHEL 5.5 I have [deuberger@saleen trunk]$ sudo cat /etc/securetty console vc/1 vc/2 vc/3 vc/4 vc/5 vc/6 vc/7 vc/8 vc/9 vc/10 vc/11 tty1 tty2 tty3 tty4 tty5 tty6 tty7 tty8 tty9 tty10 tty11 What is the difference between each of the…
deuberger
24 votes, 5 answers

Escape hash mark (#) in /etc/environment

I am adding an env variable to /etc/environment but because the variable value contains # sign, string is stripped. MYSQL_PWD="something#no" Now if I do env above code yields MYSQL_PWD=something. How can I escape hash? I've already tried \…
Umair A.
24 votes, 5 answers

How to stop sudo PAM messages in auth.log for a specific user?

I am using Zabbix for monitoring my environment and zabbix_agentd executes as user zabbix one custom script every 60 seconds; it uses sudo to run this script as root. In /var/log/auth.log I see every 60 seconds: Aug 11 17:40:32 my-server sudo:…
user63431
22 votes, 2 answers

PAM - required and sufficient control flag

I'm studying PAM, and I'm a bit clueless about the meaning of some combination of control flags. From the Red Hat documentation we have: required failure of such a PAM will ultimately lead to the PAM-API returning failure but only after the…
ludiegu
20 votes, 3 answers

How to prevent shutdown when an SSH user is logged in?

I'm administrating a networked environment and I had an interesting situation arise yesterday. When a host is required to shutdown by a regular user, it refuses to do so if other users are logged in locally. This, however, is not the case when other…
Joseph R.
16 votes, 3 answers

PAM: Authentication failure, with valid password

Command pamtester -v auth pknopf authenticate pamtester: invoking pam_start(auth, pknopf, ...) pamtester: performing operation - authenticate Password: pamtester: Authentication failure journctl Feb 06 13:22:17 PAULS-ARCH unix_chkpwd[31998]: check…
Paul Knopf
15 votes, 3 answers

sshd: what are the practical effects of setting "UsePAM no"

in /etc/ssh/sshd_config, PAM is enabled by default on Debian 10: UsePAM yes In a situation when I don't want to allow login with password or kerberos, and only want to allow SSH key authentication, does it still have any advantage to enable PAM in…
400 the Cat
15 votes, 4 answers

Groups differ from the local ones when logging in remotely

We store our users in LDAP, alongside some groups that have meaning across different systems (organizational roles including wheel). There are also groups local to workstations, e.g. audio or video that are not desirable to be put into LDAP. Now if…
Max
15 votes, 7 answers

vsftpd fails pam authentication

Moving a tried-and-true vsftpd configuration onto a new server with Fedora 16, I ran into a problem. All seems to go as it should, but user authentication fails. I cannot find any entry in any log that indicates what happened. Here is the full…
KateYoak
13 votes, 2 answers

How to lock users after 5 unsuccessful login tries?

How to lock users after 5 unsuccessful login tries? I gathered a few distributions/versions to how to do it, but I can't test it. RHEL4: by adding the: auth required /lib/security/$ISA/pam_tally.so no_magic_root account required …
gasko peter