Re: Configuring PAM for OpenSSH

Thanks Darren, that worked.

New pam.conf:
sshd    auth requisite          pam_authtok_get.so.1 
sshd    auth required           pam_dhkeys.so.1      
sshd    auth required           pam_unix_cred.so.1   
sshd    auth required           pam_unix_auth.so.1   
sshd    account requisite       pam_roles.so.1       
sshd    account required        pam_unix_account.so.1
sshd    session required        pam_unix_session.so.1
sshd    password required       pam_dhkeys.so.1      
sshd    password requisite      pam_authtok_get.so.1 
sshd    password requisite      pam_authtok_check.so.1
sshd    password required       pam_authtok_store.so.1

Still looking for ways to implement password checks and validation, like:
forbidden text strings, dictionary checks, max retries, password history, pass min length, account locking.

If anyone has a working restricted PAM configuration on Solaris 10 (including above), please let me know. If I manage to set it up myself, I will post my configuration here.

/Magnus


On Tue, 22 Feb 2005 21:36 , Darren Tucker <dtucker@xxxxxxxxxx> sent:

magnus@xxxxxxxxxxx wrote:
> I'm trying to get OpenSSH to work on my newly installed Solaris 10.
>
> This is my /etc/pam.conf:
>
> #
> # Support for OpenSSH (sshd)
> #
> sshd auth required /usr/lib/security/pam_unix_auth.so.1
> sshd account required /usr/lib/security/pam_unix_account.so.1
> sshd session required /usr/lib/security/pam_unix_session.so.1

Duplicating "other" ought to work (or omitting sshd entirely and letting
it default to "other").

Solaris seems to need far more than you're giving it. Try running this
and adding the result:
$ egrep ^other /etc/pam.conf | sed 's/other/sshd/g'

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
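
Darren's suggestion of copying the "other" entries to sshd, as an added example that is not part of the original thread: it rewrites only the service field, so a module path containing the string "other" is left intact, and it lists the module types for which a service has no entry of its own. The function names, the sample file and the module path /opt/example/pam_another.so.1 are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample data below is constructed, not taken from a real system.

# Constructed pam.conf fragment; /opt/example/pam_another.so.1 is a hypothetical
# module whose file name happens to contain the string "other".
sample_pam_conf() {
cat <<'EOF'
# constructed sample
sshd    auth required      pam_unix_auth.so.1
other   auth requisite     pam_authtok_get.so.1
other   auth required      /opt/example/pam_another.so.1
other   account required   pam_unix_account.so.1
other   session required   pam_unix_session.so.1
EOF
}

# other_to_sshd FILE [SERVICE]
# Print every "other" entry with the service renamed to SERVICE (default: sshd).
# Only an exact first field "other" matches, and only that field is rewritten.
other_to_sshd() {
    awk -v svc="${2:-sshd}" '
        /^[ \t]*#/ || NF == 0 { next }          # skip comments and blank lines
        $1 == "other" { sub(/^[ \t]*other/, svc); print }
    ' "$1"
}

# missing_types FILE [SERVICE]
# Print the module types for which SERVICE has no explicit entry in FILE.
missing_types() {
    awk -v svc="${2:-sshd}" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == svc { have[$2] = 1 }              # remember types already configured
        END {
            n = split("auth account session password", types, " ")
            for (i = 1; i <= n; i++)
                if (!(types[i] in have)) print types[i]
        }
    ' "$1"
}
```

Review the output of `other_to_sshd /etc/pam.conf` before appending it to the file, and keep a root session open while testing the new entries.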
