Difference between revisions of "Pam"
From Bashlinux
Line 1: | Line 1: | ||
__NOTOC__ |
__NOTOC__ |
||
= PAM = |
= PAM = |
||
− | == |
+ | == How to launch application from Desktop with password protection == |
Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected. |
Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected. |
||
# Move binary file |
# Move binary file |
||
Line 56: | Line 56: | ||
<pre><nowiki> |
<pre><nowiki> |
||
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm |
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm |
||
+ | </nowiki></pre> |
||
+ | |||
+ | |||
+ | == How to setup ssh authentication and an ldap client == |
||
+ | On CentOS run the following command |
||
+ | |||
+ | <pre><nowiki> |
||
+ | authconfig --enableldap --enableldapauth --disablenis --enablecache \ |
||
+ | --ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \ |
||
+ | --updateall |
||
</nowiki></pre> |
</nowiki></pre> |
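Review bot: The added heading promises ssh authentication, but the authconfig command at the end of this hunk only enables LDAP lookups and LDAP authentication (--enableldap --enableldapauth) and never touches sshd; either retitle the section or add the ssh step. The command also passes --ldapserver=ldap.bashlinux.com with no TLS option, so state whether --enableldaptls is left out on purpose, because without it password binds to the directory are not encrypted in transit.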
Revision as of 02:36, 2 February 2012
PAM
How to launch application from Desktop with password protection
Assuming the application in question is Firefox, this works by using a `bin` and `sbin` pair, assisted by `consolehelper`, which verifies the PAM restrictions. Note that every file created must have the same name as the binary to be protected.
- Move binary file
```
mv /usr/bin/firefox /usr/sbin/firefox
ln -s /usr/bin/consolehelper /usr/bin/firefox
```
- Create a security file `/etc/security/console.apps/firefox` and add the following lines:
```
USER=<user>
PROGRAM=/usr/sbin/firefox
SESSION=True
```
The `USER` line should be written literally as `<user>`; it will then ask for the password of the current user. If you need to run the application as a specific user, for example `foo`, replace the literal string `<user>` with `foo`; if you need to restrict it to root only, use `root` instead of `<user>`.
- Create a PAM file `/etc/pam.d/firefox`
```
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       sufficient   pam_timestamp.so
auth       include      system-auth
account    required     pam_permit.so
session    required     pam_permit.so
session    optional     pam_xauth.so
session    optional     pam_timestamp.so
```
- Create the Desktop launcher `~/Desktop/firefox.desktop`
```
[Desktop Entry]
Encoding=UTF-8
Version=1.0
Type=Application
Terminal=false
Name[en_US]=Firefox
Exec=/usr/bin/firefox
Comment[en_US]=Launch Firefox
Icon[en_US]=/usr/share/pixmaps/firefox.xpm
Name=Firefox
Comment=Launch Firefox
Icon=/usr/share/pixmaps/firefox.xpm
```
The `png` icon under `/usr/share/pixmaps` is too big, so you might want to link the small one from the Firefox installation into the icon folder.
```
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
```
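
The layout produced by the steps above depends on three files sharing one name, which can be checked mechanically. The script below is an added example, not part of the original wiki page; the function name `check_console_app` and its `ROOT` prefix argument are assumptions introduced here so the check can also be run against a test tree.

```sh
#!/bin/sh
# Added example, not from the wiki page: verify the files the steps create.
# check_console_app ROOT NAME   (function and argument names are hypothetical)
#   ROOT  filesystem prefix, "" for the live system
#   NAME  name shared by the wrapper, console.apps file and PAM file
# Prints one line per problem; the return status is the number of problems.
bad() { echo "$1"; problems=$((problems + 1)); }

check_console_app() {
    root=$1; name=$2; problems=0
    wrapper="$root/usr/bin/$name"
    appcfg="$root/etc/security/console.apps/$name"
    pamcfg="$root/etc/pam.d/$name"

    # /usr/bin/NAME must be a symlink to consolehelper, not the real binary.
    if [ ! -L "$wrapper" ]; then
        bad "$wrapper: not a symlink"
    elif [ "$(readlink "$wrapper")" != "/usr/bin/consolehelper" ]; then
        bad "$wrapper: does not point to /usr/bin/consolehelper"
    fi

    # console.apps/NAME must exist and name a PROGRAM that is present.
    if [ ! -f "$appcfg" ]; then
        bad "$appcfg: missing"
    else
        program=$(sed -n 's/^PROGRAM=//p' "$appcfg" | head -n 1)
        if [ -z "$program" ]; then
            bad "$appcfg: no PROGRAM= line"
        elif [ ! -x "$root$program" ]; then
            bad "$root$program: PROGRAM target missing or not executable"
        fi
    fi

    # pam.d/NAME must exist and carry at least one auth rule.
    if [ ! -f "$pamcfg" ]; then
        bad "$pamcfg: missing"
    elif ! grep -Eq '^auth[[:space:]]' "$pamcfg"; then
        bad "$pamcfg: no auth rule"
    fi
    return "$problems"
}

# Run against the live system when called as: sh check.sh firefox
if [ "$#" -eq 1 ]; then check_console_app "" "$1"; fi
```

A non-zero status means the wrapper, the `console.apps` entry and the PAM file no longer line up, for example after a package update restores `/usr/bin/firefox` as a regular binary.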
How to setup ssh authentication and an ldap client
On CentOS run the following command:
```
authconfig --enableldap --enableldapauth --disablenis --enablecache \
  --ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \
  --updateall
```