[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH -> PAM -> pam_smb



Wow, thanks for the
> On Wed, 4 Aug 1999, Kenn Herman wrote:
> > I am testing around with having PAM authenticate against a NT PDC/BDC
(using
> > pam_smb).
>
> Regarding your statement of "strong" passwords: NT does not have a secure
> password storage. Passwords are stored cleartext-equivalent and can be
> retrieved with little effort.

While that might be, all NT connections will be via our intranet or VPN, so
I am not so concerned since if they get physical access to NT boxes, since
by then they have already breached building security.  Only Unix (Linux
actually) connections will be from outside via ssh.

I will be implementing the 'strong passwords' on NT via it's registry (man
do I hate this "easy to administrate" NT interface when you have to much
with the registry...).  Since I really a UNIX person and not NT, I don't
have any formal training in NT security.  If you could point me to what you
mentioned about cleartext stored passwords, that would be great!

> > This works fine.  However, when I try and bring SSH into the
> > fold, it doesn't go through PAM and instead sees that there is a shadow
> > password file and grabs the password from there.  How do I have SSH use
PAM
> > to authenticate, or which config under /etc/pam.d do I need to change?
>
> Do you have a version of ssh that does support pam? Try "ldd sshd" and
look
> if libpam is included in the list.

No it is not included in the libraries.  Where are there does on how to do
this, I have looked around a bit to no avail.

> What operating system are you running?

Linux 2.2.5, Redhat 6.0 with all current errata.

Again thanks for your quick response!

Kenn Herman

>
> --
> Ingo Luetkebohle / 21st Century Digital Boy
> dev/consulting Gesellschaft fuer Netzwerkentwicklung und -beratung mbH
> url: http://www.devconsult.de/ - fon: 0521-1365800 - fax: 0521-1365803
>
> --
> To unsubscribe: mail -s unsubscribe pam-list-request@redhat.com <
/dev/null
>



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []