There is no oddjobd, so there are some differences in services and pam.d. Here are some differences I found when applying this to my CentOS 5.8 servers. Pay close attention to the account directives; this is where you stipulate the order of what accounts are authorized to access services via PAM.

```
session pam_succeed_if.so service in crond quiet use_uid
session optional pam_oddjob_mkhomedir.so umask=0077
password sufficient pam_krb5.so use_authtok
password sufficient pam_unix.so sha512 shadow nullok try_first_pass use_authtok
password requisite pam_cracklib.so try_first_pass retry=3 type=
# User changes will be destroyed the next time authconfig is run.
auth sufficient pam_unix.so nullok try_first_pass
auth requisite pam_succeed_if.so uid >= 500 quiet
auth sufficient pam_krb5.so use_first_pass
account required pam_unix.so broken_shadow
account pam_succeed_if.so uid < 16777216 quiet
account pam_succeed_if.so user ingroup linuxusers quiet
account sufficient pam_succeed_if.so uid < 500 quiet
account pam_krb5.so
```

This will update the authentication system so that AD users that are members of the linuxusers group will be able to access the system.
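A syntax check to run on a pam.d file before putting it in place, added here as an example and not part of the original post: several lines in the listing above show no control field between the type and the module, and a line in that state is not valid PAM syntax. The function name `lint_pam` and the sample input are constructed for illustration.

```python
import re

TYPES = {"auth", "account", "password", "session"}
CONTROLS = {"required", "requisite", "sufficient", "optional", "include", "substack"}
# Bracketed control form: [value=action ...], e.g. [success=1 default=ignore]
BRACKET = re.compile(r"^\[\s*\w+=\w+(\s+\w+=\w+)*\s*\]")

def lint_pam(text):
    """Return a list of (line_number, problem) for the text of a pam.d service file."""
    problems = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        parts = line.split(None, 1)
        tok = parts[0][1:] if parts[0].startswith("-") else parts[0]
        if tok.lower() not in TYPES:              # the type keyword is matched without regard to case
            problems.append((n, "unknown type %r" % parts[0]))
            continue
        rest = parts[1] if len(parts) > 1 else ""
        m = BRACKET.match(rest)
        if m:
            module = rest[m.end():].split()
        else:
            tokens = rest.split()
            control = tokens[0] if tokens else ""
            if control.lower() not in CONTROLS:
                problems.append((n, "missing or invalid control before %r" % control))
                continue
            module = tokens[1:]
        if not module:
            problems.append((n, "no module named"))
    return problems

# Constructed sample. Lines 1-3 are account lines as they appear in the listing;
# line 4 is constructed to exercise the bracketed form, and its control value is
# an assumption, not taken from the page.
SAMPLE = """\
account required pam_unix.so broken_shadow
account pam_succeed_if.so uid < 16777216 quiet
account sufficient pam_succeed_if.so uid < 500 quiet
account [default=bad success=ok user_unknown=ignore] pam_krb5.so
"""

if __name__ == "__main__":
    for lineno, problem in lint_pam(SAMPLE):
        print("line %d: %s" % (lineno, problem))
```

Keep a root shell open while testing any change to system-auth, since a stack that fails to parse can block new logins.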