PAM

From Bashlinux

How to launch an application from the Desktop with password protection

Assuming the application in question is Firefox, this works with a bin/sbin pair: the real binary is moved to /usr/sbin, and /usr/bin holds a link to consolehelper, which verifies the PAM restrictions before the program starts. Note that every file created should match the name of the binary to be protected.

  • Move the binary file and link consolehelper in its place:
mv /usr/bin/firefox /usr/sbin/firefox
ln -s /usr/bin/consolehelper /usr/bin/firefox
  • Create a security file /etc/security/console.apps/firefox and add the following lines:
USER=<user>
PROGRAM=/usr/sbin/firefox
SESSION=True

User
The USER line should be written literally as <user>; it will then ask for the current user's password. If you need to run the application as a specific user, for example foo, replace the literal string <user> with foo, or, in cases where you need to restrict it to root only, use root instead of <user>.

  • Create a PAM file /etc/pam.d/firefox
#%PAM-1.0
auth sufficient pam_rootok.so
auth sufficient pam_timestamp.so
auth include system-auth
account required pam_permit.so
session required pam_permit.so
session optional pam_xauth.so
session optional pam_timestamp.so
  • Create the Desktop launcher ~/Desktop/firefox.desktop
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_US]=Firefox
Exec=/usr/bin/firefox
Comment[en_US]=Launch Firefox
Icon[en_US]=/usr/share/pixmaps/firefox.xpm
Name=Firefox
Comment=Launch Firefox
Icon=/usr/share/pixmaps/firefox.xpm

The PNG icon under /usr/share/pixmaps is too big, so you might want to link the small one from the Firefox installation into the icon folder.

ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
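
The steps above only work when the link, the console.apps file and the PAM file all carry the same name. The following check is an added example, not part of the original page; the function name `check_console_app` and its optional ROOT prefix argument are assumptions made here so the check can also be run against a staging tree.

```shell
#!/bin/sh
# Added example: consistency check for a consolehelper-wrapped program.
# ROOT is a hypothetical prefix for checking a staging tree; empty means "/".
check_console_app() {
    name=$1; root=${2:-}; rc=0
    wrapper="$root/usr/bin/$name"
    apps="$root/etc/security/console.apps/$name"
    pam="$root/etc/pam.d/$name"

    # 1. /usr/bin/NAME must be a symlink to consolehelper, not the real binary.
    if [ ! -L "$wrapper" ]; then
        echo "FAIL: $wrapper is not a symlink"; rc=1
    else
        case $(readlink "$wrapper") in
            consolehelper|*/consolehelper) ;;
            *) echo "FAIL: $wrapper does not point to consolehelper"; rc=1 ;;
        esac
    fi

    # 2. console.apps/NAME must name a user and an executable with the same name.
    if [ ! -f "$apps" ]; then
        echo "FAIL: $apps is missing"; rc=1
    else
        user=$(sed -n 's/^USER=//p' "$apps" | head -n 1)
        program=$(sed -n 's/^PROGRAM=//p' "$apps" | head -n 1)
        [ -n "$user" ] || { echo "FAIL: no USER= line in $apps"; rc=1; }
        if [ -z "$program" ]; then
            echo "FAIL: no PROGRAM= line in $apps"; rc=1
        elif [ "$(basename "$program")" != "$name" ]; then
            echo "FAIL: PROGRAM=$program does not match name $name"; rc=1
        elif [ ! -x "$root$program" ]; then
            echo "FAIL: $root$program is missing or not executable"; rc=1
        fi
    fi

    # 3. The PAM service file must exist and contain at least one auth rule.
    if [ ! -f "$pam" ]; then
        echo "FAIL: $pam is missing"; rc=1
    elif ! grep -Eq '^auth[[:space:]]' "$pam"; then
        echo "FAIL: $pam has no auth rule"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $name is wrapped by consolehelper"
    return "$rc"
}

# Run as a script, for example: sh check.sh firefox
if [ "$#" -gt 0 ]; then check_console_app "$@"; fi
```
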

How to set up SSH authentication and an LDAP client

On CentOS, run the following command:

authconfig --enableldap --enableldapauth --disablenis --enablecache \
--ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \
--updateall