From: Laurenz, D. <Dir...@fu...> - 2005-10-06 14:26:29
Hi,

this problem still exists.

Kind regards,

Dirk Laurenz
Systems Engineer

Fujitsu Siemens Computers
S CE DE SE PS N/O
Sales Central Europe Deutschland
Professional Service Nord / Ost

Hildesheimer Strasse 25
30880 Laatzen
Germany

Telephone: +49 (511) 84 89 - 18 08
Telefax: +49 (511) 84 89 - 25 18 08
Mobile: +49 (170) 22 10 781
Email: mailto:dir...@fu...
Internet: http://www.fujitsu-siemens.com
http://www.fujitsu-siemens.de/services/index.html

-| -----Original Message-----
-| From: web...@li... [mailto:web...@li...] On Behalf Of Dir...@fu...
-| Sent: Tuesday, September 20, 2005 1:44 PM
-| To: web...@li...
-| Subject: RE: [webmin-l] Configure Webmin with PAM Authentication
-|
-| Hi,
-|
-| I use a SuSE SLES 9 and they offer a pam_unix2.conf, which itself
-| uses ldap as you can see here. Moreover we also tried pam_ldap.so
-| directly and logging on via shell or samba /w ldap works fine.
-|
-| hgest3201:~ # cat /etc/security/pam_unix2.conf
-| # pam_unix2 config file
-| #
-| # This file contains options for the pam_unix2.so module.
-| # It contains a list of options for every type of management group,
-| # which will be used for authentication, account management and
-| # password management. Not all options will be used from all types of
-| # management groups.
-| #
-| # At first, pam_unix2 will read this file and then uses the local
-| # options. Not all options can be set her global.
-| #
-| # Allowed options are:
-| #
-| # debug (account, auth, password, session)
-| # nullok (auth)
-| # md5 (password)
-| # bigcrypt (password)
-| # blowfish (password)
-| # crypt_rounds=XX
-| # none (session)
-| # trace (session)
-| # call_modules=x,y,z (account, auth, password)
-| #
-| # Example:
-| # auth: nullok
-| # account:
-| # password: nullok blowfish crypt_rounds=8
-| # session: none
-| #
-| auth: use_ldap
-| account: use_ldap
-| password: md5
-| session: none use_ldap
-|
-| Kind regards,
-|
-| Dirk Laurenz
-|
-| -| -----Original Message-----
-| -| From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron
-| -| Sent: Tuesday, September 20, 2005 11:34 PM
-| -| To: web...@li...
-| -| Subject: Re: [webmin-l] Configure Webmin with PAM Authentication
-| -|
-| -| Hi Dirk,
-| -| One thing you will definitely need is to set up
-| -| /etc/pam.d/webmin to use pam_ldap.so. Typically this also
-| -| requires that a file like /etc/pam.d/pam_ldap.conf be set
-| -| up to talk to your LDAP server, although that file may be
-| -| in a different location depending on your Linux distribution.
-| -|
-| -| - Jamie
-| -|
-| -| -----Original Message-----
-| -|
-| -| From: <Dir...@fu...>
-| -| Subj: [webmin-l] Configure Webmin with PAM Authentication
-| -| Date: Tue 20 Sep 2005 6:32 pm
-| -| Size: 1K
-| -| To: <web...@li...>
-| -|
-| -| Hello list,
-| -|
-| -| I want to configure webmin to authenticate users against an
-| -| ldap server.
-| -| Users in a certain (ldap) group should be able to
-| -| administer the server.
-| -| I don't want to have a second source of authentication.
-| -| I got so far that webmin uses the ldap accounts in such a
-| -| way that if the user exists he will be authenticated, but it
-| -| doesn't matter which password you type in as long as it is
-| -| not zero length. What I want to have is that webmin
-| -| authenticates against the ldap server and has no virtual users
-| -| (like in MS AD, or sudo, where an account has additional privileges).
-| -|
-| -| Here's my setup:
-| -| hgest3201:/etc/webmin # cat miniserv.conf
-| -| port=20000
-| -| addtype_cgi=internal/cgi
-| -| realm=Webmin Server
-| -| logfile=/var/webmin/miniserv.log
-| -| errorlog=/var/webmin/miniserv.error
-| -| pidfile=/var/webmin/miniserv.pid
-| -| logtime=168
-| -| ppath=
-| -| ssl=1
-| -| env_WEBMIN_CONFIG=/etc/webmin
-| -| env_WEBMIN_VAR=/var/webmin
-| -| atboot=1
-| -| logout=/etc/webmin/logout-flag
-| -| listen=20000
-| -| denyfile=\.pl$
-| -| log=1
-| -| blockhost_failures=3
-| -| blockhost_time=300
-| -| syslog=1
-| -| session=1
-| -| userfile=/etc/webmin/miniserv.users
-| -| keyfile=/etc/webmin/miniserv.pem
-| -| passwd_file=/etc/shadow
-| -| passwd_uindex=0
-| -| passwd_pindex=1
-| -| passwd_cindex=2
-| -| passwd_mindex=4
-| -| passwd_mode=0
-| -| preroot=mscstyle3
-| -| passdelay=1
-| -| logouttime=
-| -| root=/usr/libexec/webmin
-| -| mimetypes=/usr/libexec/webmin/mime.types
-| -| bind=192.168.53.44
-| -| sockets=
-| -| pam_conv=1
-| -| no_pam=0
-| -| unixauth=pam
-| -|
-| -| hgest3201:/etc/webmin # cat /etc/pam.d/webmin
-| -| #%PAM-1.0
-| -|
-| -| auth     required  pam_unix2.so
-| -| account  required  pam_unix2.so
-| -| session  required  pam_unix2.so
-| -| password required  pam_unix2.so
-| -|
-| -| Kind regards,
-| -|
-| -| Dirk Laurenz
-| -|
-| -| --- message truncated ---
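
An added example, not part of the original thread and not Webmin's own code: a small Python check that reads the two files quoted above (/etc/pam.d/webmin and pam_unix2.conf) and reports, for each PAM management type, whether the webmin service reaches LDAP directly through pam_ldap.so (as Jamie suggests), indirectly through pam_unix2.so with use_ldap, or not at all. The function names and the three result labels are assumptions made for this example.

```python
import re
# Constructed sample inputs: the two files as quoted in the thread.
PAM_WEBMIN = """#%PAM-1.0
auth     required  pam_unix2.so
account  required  pam_unix2.so
session  required  pam_unix2.so
password required  pam_unix2.so
"""
PAM_UNIX2_CONF = """auth: use_ldap
account: use_ldap
password: md5
session: none use_ldap
"""
TYPES = ("auth", "account", "password", "session")

def parse_pam_service(text):
    """Return {type: [(control, module, [args])]} for a /etc/pam.d file."""
    stacks = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)", line)
        if m and m.group(1) in TYPES:
            mtype, control, module, args = m.groups()
            stacks.setdefault(mtype, []).append((control, module.rsplit("/", 1)[-1], args.split()))
    return stacks

def parse_pam_unix2_conf(text):
    """Return {type: [options]} from the 'type: options' lines."""
    opts = {}
    for raw in text.splitlines():
        group, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep and group.strip() in TYPES:
            opts[group.strip()] = rest.split()
    return opts

def ldap_path(stacks, unix2_opts):
    """Per type: 'direct' (pam_ldap.so), 'via pam_unix2' (use_ldap) or 'none'."""
    result = {}
    for mtype in TYPES:
        result[mtype] = "none"
        for _, mod, args in stacks.get(mtype, []):
            if mod == "pam_ldap.so":
                result[mtype] = "direct"
            elif (mod == "pam_unix2.so" and result[mtype] == "none"
                  and "use_ldap" in args + unix2_opts.get(mtype, [])):
                result[mtype] = "via pam_unix2"
    return result

if __name__ == "__main__":
    print(ldap_path(parse_pam_service(PAM_WEBMIN), parse_pam_unix2_conf(PAM_UNIX2_CONF)))
```

The check only reports how the stack is wired; it does not test whether a wrong password is actually rejected.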