Re: [webmin-l] Help with Webmin authentication using FreeIPA

[Przemysław O. <prz...@ma...>]

webmin and virtualmin are capable of using pam but ...

1) they will always fallback to /etc/passwd :]

here is a pam file that works for me using ipa

cat /etc/pam.d/webmin
#%PAM-1.0
auth       required    pam_sepermit.so
auth       substack     password-auth
auth       include      postlogin
# Used with polkit to reauthorize users in remote sessions
-auth      optional     pam_reauthorize.so prepare
account    required     pam_nologin.so
account    include      password-auth
password   include      password-auth
# pam_selinux.so close should be the first session rule
session    required     pam_selinux.so close
session    required     pam_loginuid.so
# pam_selinux.so open should only be followed by sessions to be executed 
in the user context
session    required     pam_selinux.so open env_params
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    include      password-auth
session    include      postlogin
# Used with polkit to reauthorize users in remote sessions
-session   optional     pam_reauthorize.so prepare


##%PAM-1.0
#auth    required    pam_unix.so    nullok
#account    required    pam_unix.so
#session    required    pam_unix.so


W dniu 22.05.2018 o 14:41, Victor Pelagatti pisze:
> Hi,
>
> I'm trying to authenticate Webmin login using my FreeIPA server. The 
> PAM authentication is working on the server but I failed to setup 
> Webmin to use PAM for login authentication.
>
> I configure PAM for webmin on /etc/pam.d/webmin:
>
> #%PAM-1.0
> auth       sufficient   pam_sss.so
> auth       required     pam_unix.so nullok
>
> account    include      password-auth
>
> password   include      password-auth
>
> session    required     pam_loginuid.so
> session    include      password-auth
>
>
>
> Could someone give a clue?
>
> Thanks
>
> Distro: CentOS 7.5.1804
> Webmin: webmin-1.881-1.noarch
> Freeipa server: 4.5.0-21
>
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
>
> -
> Forwarded by the Webmin mailing list at web...@li...
> To remove yourself from this list, go to
> http://lists.sourceforge.net/lists/listinfo/webadmin-list