Integrated Login
Tomas Mraz
tmraz at redhat.com
Tue Mar 25 11:14:43 UTC 2008
On Tue, 2008-03-25 at 12:49 +0200, Ido Levy wrote:
> Hello,
>
> Following your advice I have successfully setup integrated login for
> ssh.
> I got both AFS token and Kerberos 5 ticket.
>
> Following are the PAM files of sshd and system-auth:
> I have a few questions regarding the setup of sshd PAM file that looks
> a little strange for me although it's working and satisfy my needs.
>
> sshd
Here is my recommendation - try if that works:
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ssh/ssh_host_deny onerr=succeed
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_limits.so
system-auth
#%PAM-1.0
auth required pam_env.so
auth required pam_krb5.so
auth sufficient pam_afs.so try_first_pass ignore_root set_token
auth required pam_deny.so
account sufficient pam_unix.so
account sufficient pam_krb5.so
account sufficient pam_ldap.so
password requisite pam_passwdqc.so min=disabled,8,8,8,8 passphrase=0 enforce=users
password sufficient pam_krb5.so use_authtok
password required pam_deny.so
session required pam_limits.so
session optional pam_krb5.so
session optional pam_ldap.so
session required pam_unix.so
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
More information about the Pam-list
mailing list