Difference between revisions of "Pam"

From Bashlinux
Line 1: Line 1:
 
__NOTOC__
 
__NOTOC__
 
= PAM =
 
= PAM =
== Launch application from Desktop with password protection ==
+
== How to launch application from Desktop with password protection ==
 
Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected.
 
Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected.
 
# Move binary file
 
# Move binary file
Line 56: Line 56:
 
<pre><nowiki>
 
<pre><nowiki>
 
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
 
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
  +
</nowiki></pre>
  +
  +
  +
== How to setup ssh authentication and an ldap client ==
  +
On CentOS run the following command
  +
  +
<pre><nowiki>
  +
authconfig --enableldap --enableldapauth --disablenis --enablecache \
  +
--ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \
  +
--updateall
 
</nowiki></pre>
 
</nowiki></pre>
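Review bot: the added `authconfig` command gives `--ldapserver=ldap.bashlinux.com` as a bare host name and passes no `--enableldaptls`, so nothing on these lines asks for the LDAP authentication traffic to be encrypted. Either add that option or state in the section how the connection to the directory is protected. The new heading also promises ssh authentication, but the command contains nothing ssh-specific, so the text should say how ssh is affected or the heading should be narrowed to the LDAP client setup.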

Revision as of 02:36, 2 February 2012

PAM

How to launch application from Desktop with password protection

Assuming the application in question is Firefox, this works by using a `bin` and `sbin` pair, assisted by `consolehelper`, which verifies the PAM restrictions. Note that every file created must have the same name as the binary to be protected.

  1. Move the binary file:
 mv /usr/bin/firefox /usr/sbin/firefox
 ln -s /usr/bin/consolehelper /usr/bin/firefox
 
  2. Create a security file `/etc/security/console.apps/firefox` and add the following lines:
 USER=<user>
 PROGRAM=/usr/sbin/firefox
 SESSION=True
 
User
The `USER` line should be written literally as `<user>`; it will then ask for the password of the current user. If you need to run the application as a specific user, for example `foo`, replace the literal string `<user>` with `foo`; or, if access must be restricted to root only, use `root` instead of `<user>`.
  3. Create a PAM file `/etc/pam.d/firefox`:
 #%PAM-1.0
 auth sufficient pam_rootok.so
 auth sufficient pam_timestamp.so
 auth include system-auth
 account required pam_permit.so
 session required pam_permit.so
 session optional pam_xauth.so
 session optional pam_timestamp.so
 
  4. Create the Desktop launcher `~/Desktop/firefox.desktop`:
 [Desktop Entry]
 Encoding=UTF-8
 Version=1.0
 Type=Application
 Terminal=false
 Name[en_US]=Firefox
 Exec=/usr/bin/firefox
 Comment[en_US]=Launch Firefox
 Icon[en_US]=/usr/share/pixmaps/firefox.xpm
 Name=Firefox
 Comment=Launch Firefox
 Icon=/usr/share/pixmaps/firefox.xpm
 


The `png` icon under `/usr/share/pixmaps` is too big, so you might want to link the small one from the Firefox installation into the icon folder.

 ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
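
A consistency check for the launcher setup described above, added here as an example and not part of the original wiki page. The function names `make_sample` and `check_wrapper`, the `ROOT` argument and the sample tree are assumptions made for illustration; the sample files are constructed from the listings above.

```shell
#!/bin/sh
# Added example: audit a consolehelper wrapper under ROOT (use / on a real host).
# make_sample builds a constructed tree mirroring the steps above (test data only).
make_sample() {
    mkdir -p "$1/usr/bin" "$1/usr/sbin" "$1/etc/security/console.apps" "$1/etc/pam.d"
    printf '#!/bin/sh\n' > "$1/usr/sbin/firefox"; chmod 755 "$1/usr/sbin/firefox"
    ln -s /usr/bin/consolehelper "$1/usr/bin/firefox"
    printf 'USER=<user>\nPROGRAM=/usr/sbin/firefox\nSESSION=True\n' \
        > "$1/etc/security/console.apps/firefox"
    printf '#%%PAM-1.0\nauth sufficient pam_timestamp.so\nauth include system-auth\n' \
        > "$1/etc/pam.d/firefox"
}

# check_wrapper ROOT NAME: print findings, return 0 only if the pieces agree.
check_wrapper() {
    root=$1; name=$2; rc=0
    apps="$root/etc/security/console.apps/$name"; pam="$root/etc/pam.d/$name"
    fail() { echo "FAIL: $*"; rc=1; }
    # The name users run must be a symlink to consolehelper.
    [ "$(readlink "$root/usr/bin/$name" 2>/dev/null)" = /usr/bin/consolehelper ] ||
        fail "/usr/bin/$name is not a symlink to /usr/bin/consolehelper"
    # console.apps/NAME must name the user to authenticate and the real program.
    user=$(sed -n 's/^USER=//p' "$apps" 2>/dev/null) || true
    prog=$(sed -n 's/^PROGRAM=//p' "$apps" 2>/dev/null) || true
    [ -n "$user" ] || fail "no USER= line in $apps"
    if [ -z "$prog" ]; then fail "no PROGRAM= line in $apps"
    elif [ ! -x "$root$prog" ]; then fail "PROGRAM $prog is missing or not executable"
    elif [ "${prog##*/}" != "$name" ]; then fail "PROGRAM name differs from $name"
    fi
    # The PAM service file must share the name and must really authenticate.
    if ! grep -q '^auth' "$pam" 2>/dev/null; then fail "no auth lines in $pam"
    elif grep -Eq '^auth[[:space:]].*pam_permit\.so' "$pam"; then
        fail "auth stack in $pam uses pam_permit.so, so no password is checked"
    fi
    grep -Eq '^auth[[:space:]].*pam_timestamp\.so' "$pam" 2>/dev/null &&
        echo "NOTE: pam_timestamp.so lets a recent authentication skip the prompt"
    # The prompt only guards the /usr/bin name; the moved binary keeps its mode.
    [ -n "$prog" ] && ls -ld "$root$prog" 2>/dev/null | grep -q '^.........x' &&
        echo "NOTE: $prog is executable by all users without going through PAM"
    return $rc
}

# Demo on the constructed tree; on a real host call: check_wrapper "" firefox
demo=$(mktemp -d) && make_sample "$demo" && check_wrapper "$demo" firefox; rm -rf "$demo"
```

The two `NOTE` lines printed for the sample tree are properties of the configuration as listed: `pam_timestamp.so` is `sufficient` in the auth stack, and `mv` leaves the binary in `/usr/sbin` with its original permissions.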
 


How to set up SSH authentication and an LDAP client

On CentOS, run the following command:

 authconfig --enableldap --enableldapauth --disablenis --enablecache \
 --ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \
 --updateall