Pam

From Bashlinux
Revision as of 01:52, 4 November 2012 by Manpaz (talk)

PAM

How to launch an application from the Desktop with password protection

Assuming the application in question is Firefox, this works with a `bin` and `sbin` pair of files, assisted by `consolehelper`, which verifies the PAM restrictions. Note that every file created should match the name of the binary to be protected.

  1. Move binary file
 mv /usr/bin/firefox /usr/sbin/firefox
 ln -s /usr/bin/consolehelper /usr/bin/firefox
 
  2. Create a security file `/etc/security/console.apps/firefox` and add the following lines:
 USER=<user>
 PROGRAM=/usr/sbin/firefox
 SESSION=True
 
User
The `USER` line should be written literally as `<user>`; it will then ask for the password of the current user. If you need to run the application as a specific user, for example `foo`, replace the literal string `<user>` with `foo`, or, in cases where you need to restrict it to root only, use `root` instead of `<user>`.
  3. Create a PAM file `/etc/pam.d/firefox`
 #%PAM-1.0
 auth sufficient pam_rootok.so
 auth sufficient pam_timestamp.so
 auth include system-auth
 account required pam_permit.so
 session required pam_permit.so
 session optional pam_xauth.so
 session optional pam_timestamp.so
 
  4. Create the Desktop launcher `~/Desktop/firefox.desktop`
 [Desktop Entry]
 Encoding=UTF-8
 Version=1.0
 Type=Application
 Terminal=false
 Name[en_US]=Firefox
 Exec=/usr/bin/firefox
 Comment[en_US]=Launch Firefox
 Icon[en_US]=/usr/share/pixmaps/firefox.xpm
 Name=Firefox
 Comment=Launch Firefox
 Icon=/usr/share/pixmaps/firefox.xpm
 


The `png` icon under `/usr/share/pixmaps` is too big, so you might want to link the small one from the Firefox installation into the icon folder.

 ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
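
The following check is an added example, not part of the original page: it audits the files from steps 1 to 3 for one program name and reports anything that breaks the naming rule above. The function name `check_console_app` and its `ROOT` prefix argument are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not from the original page. check_console_app is a hypothetical
# helper: it audits the files from steps 1-3 for one program name.
# ROOT is a filesystem prefix ("/" for the live system, a staging dir for tests).
# Prints one line per problem and returns the number of problems found.
# Usage on a live system: check_console_app / firefox
check_console_app() {
    root=${1%/}; name=$2; problems=0
    link="$root/usr/bin/$name"
    apps="$root/etc/security/console.apps/$name"
    pamf="$root/etc/pam.d/$name"
    bad() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # Step 1: /usr/bin/NAME must be a symlink to consolehelper.
    if [ ! -L "$link" ]; then
        bad "$link is not a symlink"
    else
        case $(readlink "$link") in
            consolehelper|*/consolehelper) ;;
            *) bad "$link does not point to consolehelper" ;;
        esac
    fi

    # Step 2: console.apps file named after the binary, with a USER= line and a
    # PROGRAM= line naming an executable file with the same base name
    # (the page's rule that every file matches the binary's name).
    if [ ! -f "$apps" ]; then
        bad "$apps is missing"
    else
        prog=$(sed -n 's/^PROGRAM=//p' "$apps" | head -n 1)
        grep -q '^USER=.' "$apps" || bad "$apps has no USER= line"
        if [ -z "$prog" ]; then
            bad "$apps has no PROGRAM= line"
        elif [ ! -f "$root$prog" ] || [ ! -x "$root$prog" ]; then
            bad "PROGRAM=$prog is not an executable file"
        elif [ "$(basename "$prog")" != "$name" ]; then
            bad "PROGRAM=$prog does not match the name $name"
        fi
    fi

    # Step 3: PAM service file named after the binary, with an auth stack.
    if [ ! -f "$pamf" ]; then
        bad "$pamf is missing"
    elif ! grep -Eq '^auth[[:space:]]' "$pamf"; then
        bad "$pamf has no auth lines"
    fi
    return "$problems"
}
```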
 


How to set up SSH authentication and an LDAP client

On CentOS, run the following command:

 authconfig --enableldap --enableldapauth --disablenis --enablecache \
 --ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \
 --updateall