I've been searching my butt off for this on contribs.org and stumbled on it by accident. (can't we make this into an howto in the wiki somerwhere?!):
http://forums.contribs.org/index.php?topic=26380.0I've used the described method to join my SME7 server into an windows2003 ADS domain and have it authenticate against it... IT WORKS!!
There is one question though: this script was made for SME6.x and it describes copying the /etc/e-smith/templates/etc/pam.d/login/20auth template, but it seems on SME7 this '20auth' is not used anymore...
Beeing the newbie i am i just made this custom-template fragment and added the suggested lines (see extract code below). But since this authentication stuff and i don't know what i'm dooing (
) i start to worry... could this be a security risk?!
Could someone tell me if i'm opening a nice door for possible hackers or not?! Are not just the lines with 'sufficient' actually needed... and can the rest be thrown?!
extract:
{
use esmith::db;
use esmith::config;
local $conf{'telnet'} = $telnet;
my $rootLogin = db_get_prop(\%conf, "telnet", "PermitRootLogin")
|| "no";
if (defined $rootLogin && $rootLogin eq 'no')
{
$OUT .= "auth required /lib/security/pam_securetty.so\n";
}
$OUT .= "auth sufficient /lib/security/pam_winbind.so\n";
$OUT .= "auth sufficient /lib/security/pam_unix.so use_first_pass\n";
$OUT .= "auth required /lib/security/pam_stack.so service=system-auth\n";
$OUT .= "auth required /lib/security/pam_nologin.so\n";
} Kind regards,
jester.
1 Replies
2963 Views