pam_skey configuration
From: Binesh Bannerjee (binesh-dated-1089106274.dd2d54_at_hex21.com)
Date: 06/29/04
- Previous message: LucM: "Re: LDAP as password repository"
- Next in thread: Binesh Bannerjee: "Re: pam_skey configuration"
- Reply: Binesh Bannerjee: "Re: pam_skey configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Jun 2004 09:39:04 GMT
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi...
I've been using PAM_Skey and skey for quite some time now...
I'm happy enough with it that now, I want to disable regular password
authentication... Does anyone know how I go about doing this?
auth sufficient /lib/security/pam_skey.so
auth required /lib/security/pam_skey_access.so
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_unix.so shadow use_authtok
session required /lib/security/pam_unix.so
Doesn't seem to do it. And, getting rid of any of the account,password,
session seems to make it accept and decrement the s/key sequence #,
but, it then doesn't let me login. I've also tried changing all the
pam_unix's to pam_skey_access lines, to no avail. (Presumably, because
it then seems to want the NEXT sequence number.)
Can someone tell me what I need to put in my pam configuration to make
an s/key password be the only way to login? (And, not the obvious solution
of disabling the password in /etc/shadow. I need to have regular passwords
on the login screen, this is only for _remote_ logins...)
Thanks,
Binesh Bannerjee
- --
PGP Key: http://www.hex21.com/~binesh/binesh-public.asc
PGP Key fingerprint = 421D B4C2 2E96 B8EE 7190 A0CF B42F E71C 7FC3 AD96
SSH2 Key: http://www.hex21.com/~binesh/binesh-ssh2.pub
OpenSSH Key: http://www.hex21.com/~binesh/binesh-openssh.pub
BubbleBabble = xibeb-voges-havez-pabaf-debop-cylil-lelyc-viruv-bygeg-zotoh-dixex
Fingerprint = 9d:7c:84:5d:80:e3:65:8d:ee:9e:a3:b9:56:0a:e9:ad
SSH1 Key: http://www.hex21.com/~binesh/binesh-ssh1.pub
CipherKnight Seals:
http://www.hex21.com/~binesh/binesh-seal.tar.bz2.cs256
http://www.hex21.com/~binesh/binesh-seal.zip.cs256
http://www.hex21.com/~binesh/binesh-certificate.gif.cs256
Decrypt with CipherSaber2 N=256, Password="WelcomeJedi!" (No quotes)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA4TiGtC/nHH/DrZYRAkvPAJ9I0rm7NB/60sHEFU3FQzROLV89jwCg/trf
OFG9N6jhd054K08up/kn4pY=
=ulxR
-----END PGP SIGNATURE-----
- Previous message: LucM: "Re: LDAP as password repository"
- Next in thread: Binesh Bannerjee: "Re: pam_skey configuration"
- Reply: Binesh Bannerjee: "Re: pam_skey configuration"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
