- # /etc/pam.d/sshd
- # =========================================================
- #%PAM-1.0
- # PAM stack for sshd. In the auth phase an OTP check (pam_python.so running pam_linotp.py)
- # comes first, followed by the password-auth and postlogin stacks.
- auth required pam_sepermit.so
- # OTP Check
- # The next three lines are one PAM entry that the paste wrapped: the pam_linotp "start" line
- # in the syslog excerpt on this page shows all six arguments arriving together.
- # [success=1 default=ignore]: if the OTP module returns success, skip the one module that
- # follows (pam_deny.so); any other result is ignored and control falls through to pam_deny.so.
- # NOTE(review): nosslhostnameverify and nosslcertverify appear to turn off hostname and
- # certificate validation for the HTTPS call to the LinOTP server. Without them being checked,
- # a host impersonating the server could read submitted OTPs or answer the check itself.
- # Trusting the server's CA and dropping both options is the safer setup; confirm against the
- # module documentation.
- # NOTE(review): with debug set, the syslog excerpt on this page holds the typed OTP in clear
- # text ("got password: ..." and the 'pass' field of the request). Remove debug once
- # troubleshooting is done and restrict who can read that log.
- auth [success=1 default=ignore] pam_python.so
- /lib/security/pam_linotp.py nosslhostnameverify nosslcertverify
- url=https://mylinotpsrv.local/validate/simplecheck realm=MYDOMAIN debug
- # Reached only when the OTP check did not return success; requisite ends the auth stack here.
- auth requisite pam_deny.so
- # A passed OTP check does not finish authentication: the password-auth stack still runs
- # (the sshd log on this page shows pam_sss succeeding after the OTP step).
- # NOTE(review): that log ends with "pam_setcred(): Failure setting user credentials", and
- # syslog reports that pam_linotp does not support setcred. Presumably the two are related;
- # check how the [success=1 default=ignore] control treats this module's setcred result.
- auth substack password-auth
- auth include postlogin
- # Used with polkit to reauthorize users in remote sessions
- # The leading "-" on the type keeps PAM from logging an error if the module is not installed.
- -auth optional pam_reauthorize.so prepare
- account required pam_nologin.so
- account include password-auth
- password include password-auth
- # pam_selinux.so close should be the first session rule
- session required pam_selinux.so close
- session required pam_loginuid.so
- # pam_selinux.so open should only be followed by sessions to be executed in the user context
- session required pam_selinux.so open env_params
- session required pam_namespace.so
- session optional pam_keyinit.so force revoke
- session include password-auth
- session include postlogin
- # Used with polkit to reauthorize users in remote sessions
- -session optional pam_reauthorize.so prepare
- /var/log/secure
- ====================================================================================================
- Mar 9 15:25:09 mflinux01 sshd[8215]: Set /proc/self/oom_score_adj to 0
- Mar 9 15:25:09 mflinux01 sshd[8215]: Connection from 192.168.0.13 port 33926 on 192.168.0.12 port 22
- Mar 9 15:25:09 mflinux01 sshd[8215]: Postponed keyboard-interactive for vdn@MYDOMAIN.LOC from 192.168.0.13 port 33926 ssh2 [preauth]
- Mar 9 15:25:17 mflinux01 sshd[8215]: Postponed keyboard-interactive/pam for vdn@MYDOMAIN.LOC from 192.168.0.13 port 33926 ssh2 [preauth]
- Mar 9 15:25:20 mflinux01 sshd[8217]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.0.13 user=vdn@MYDOMAIN.LOC
- Mar 9 15:25:20 mflinux01 sshd[8220]: pam_krb5[8220]: got error -1 (Unknown code ____ 255) while obtaining tokens for cern.ch
- Mar 9 15:25:20 mflinux01 sshd[8215]: Postponed keyboard-interactive/pam for vdn@MYDOMAIN.LOC from 192.168.0.13 port 33926 ssh2 [preauth]
- Mar 9 15:25:20 mflinux01 sshd[8215]: Accepted keyboard-interactive/pam for vdn@MYDOMAIN.LOC from 192.168.0.13 port 33926 ssh2
- Mar 9 15:25:20 mflinux01 sshd[8215]: fatal: PAM: pam_setcred(): Failure setting user credentials
- /var/log/messages
- ====================================================================================================
- Mar 9 15:25:01 mflinux01 systemd: Created slice user-988.slice.
- Mar 9 15:25:01 mflinux01 systemd: Starting user-988.slice.
- Mar 9 15:25:01 mflinux01 systemd: Started Session 12 of user pcp.
- Mar 9 15:25:01 mflinux01 systemd: Starting Session 12 of user pcp.
- Mar 9 15:25:03 mflinux01 systemd: Removed slice user-988.slice.
- Mar 9 15:25:03 mflinux01 systemd: Stopping user-988.slice.
- Mar 9 15:25:09 mflinux01 pam_linotp[8217]: start pam_linotp.py authentication: 1, ['/lib/security/pam_linotp.py', 'nosslhostnameverify', 'nosslcertverify', 'url=https://192.168.0.14/validate/simplecheck', 'realm=MYDOMAIN', 'debug']
- Mar 9 15:25:09 mflinux01 pam_linotp[8217]: got no password in authtok - trying through conversation
- Mar 9 15:25:16 mflinux01 pam_linotp[8217]: got password: 932410
- Mar 9 15:25:16 mflinux01 pam_linotp[8217]: calling url https://192.168.0.14/validate/simplecheck {'realm': 'MYDOMAIN', 'user': 'vdn@MYDOMAIN.LOC', 'pass': '932410'}
- Mar 9 15:25:17 mflinux01 pam_linotp[8217]: :-)
- Mar 9 15:25:17 mflinux01 pam_linotp[8217]: user successfully authenticated
- Mar 9 15:25:20 mflinux01 sshd: Please note: pam_linotp does not support setcred