pamEnabling md5 shadow password with authconfigSubmitted by sandip on Sat, 10/02/2010 - 14:44If you notice that /etc/shadow file password is using DES encryption, MD5 encryption can be enabled via: authconfig --enablemd5 --enableshadow --updateIf authconfig is not present edit, "/etc/pam.d/system-auth" and add "md5 shadow" to line starting with "password sufficient pam_unix.so" so it looks like below: password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok»
Setup secure ProFTPdSubmitted by sandip on Fri, 06/12/2009 - 14:42Ftp can be secured using ftps to connect. Below outlines a configuration to support such a setup using TLS/SSL. I usually use the epel repository to install proftpd: yum --enablerepo=epel install proftpdConfigure for tls/ssl connection: chroot and bindsocket to listen to single IP: Setup passive ftp ports: </Global>Create the certs: mkdir -p /etc/pki/tls/proftpdCreate /etc/pam.d/ftp so PAM can authenticate for proftpd: #%PAM-1.0Add "/bin/false" to "/etc/shells" file and use it as the shell type when creating new users: useradd -s /bin/false <ftp_user>»
set_loginuid failed opening loginuidSubmitted by sandip on Tue, 02/03/2009 - 10:51If this file doesn't exist: /proc/<pid of crond>/loginuidIt's because the kernel doesn't have AUDIT enabled. So you get a bunch of errors in "/var/log/secure" with "set_loginuid failed opening loginuid". Recompile kernel with audit support: CONFIG_AUDIT=yIf recompiling of kernel is not an option then: Comment the below lines from all pam.d files. session required pam_loginuid.soFind files via: # grep -l pam_loginuid.so /etc/pam.d/*  |
User loginRecent blog posts
Who's onlineThere are currently 0 users and 4 guests online.
|