KDE and PAM
Jason Williams
jason at seanet.com
Tue Nov 29 23:34:24 GMT 2005
On Nov 26, 2005, at 11:48 AM, Andrea Venturoli wrote:
> Hello.
> I've got a problem.
> I'm using KDE 3.4.3 on a 5.4p8 system: simply it does not check for
> password!!!
> At login (using kdm) I just enter my username and can leave the
> password field blank or type whatever I want. The same happens
> after the screen saver has locked up my session.
> Here's my /etc/pam.d/kde:
>
> #
> # $FreeBSD: src/etc/pam.d/kde,v 1.6 2003/04/30 21:57:54 markm Exp $
> #
> # PAM configuration for the "kde" service
> #
>
> # auth
> auth required pam_nologin.so no_warn
> #auth sufficient pam_krb5.so no_warn
> try_first_pass
> #auth sufficient pam_ssh.so no_warn
> try_first_pass
> #auth required pam_unix.so no_warn
> try_first_pass
> auth sufficient /usr/local/lib/pam_smb_auth.so
>
> # account
> #account required pam_krb5.so
> account required pam_unix.so
>
> # session
> #session optional pam_ssh.so
> session required pam_permit.so
>
>
>
>
> I've tryed googling, but I only came up either with vulnerability
> reports for older KDE releases (which should have been corrected)
> or with hints which are specific to some particular Linux-based OS.
> Any hiny appreciated.
>
> BTW, I'm also using nss_ldap, in case it matters, and text console
> login works fine.
>
> bye & Thanks
> av.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-
> unsubscribe at freebsd.org"
>
Andrea,
The freebsd website has a excellent section on the pam module that
REALLY helped me out. I believe you will find the answer in there.
Here is a link:
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pam/index.html
I would suggest that you probably need something like the following
for the auth section in /etc/pam.conf (FreeBSD 5.4) or in /etc/pam.d/
system (FreeBSD 6):
# auth
auth required pam_nologin.so no_warn
#auth sufficient pam_krb5.so no_warn
try_first_pass
#auth sufficient pam_ssh.so no_warn
try_first_pass
auth sufficient pam_unix.so no_warn
try_first_pass
auth required /usr/local/lib/pam_smb_auth.so
The "required" for pam_smb_auth.so will stop login from
authenticating without a password.
Jason Williams
jwilliams at newhaven.edu
More information about the freebsd-questions
mailing list