Pam: Difference between revisions
From Bashlinux
Jump to navigationJump to search
Content deleted Content added
No edit summary |
Redirected page to PAM |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
#REDIRECT [[PAM]] |
|||
__NOTOC__ |
|||
= PAM = |
|||
== How to launch an application from the Desktop with password protection == |
|||
Assuming the application in question is ''Firefox'', this works using `bin` and `sbin` pair assisted by `consolehelper` that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected. |
|||
# Move binary file |
|||
<pre><nowiki> |
|||
mv /usr/bin/firefox /usr/sbin/firefox |
|||
ln -s /usr/bin/consolehelper /usr/bin/firefox |
|||
</nowiki></pre> |
|||
# Create a security file `/etc/security/console.apps/firefox` and add the following lines: |
|||
<pre><nowiki> |
|||
USER=<user> |
|||
PROGRAM=/usr/sbin/firefox |
|||
SESSION=True |
|||
</nowiki></pre> |
|||
'''User''' |
|||
The line user should literally write as `<user>`, it will ask a password for the current user. If you need to run the application as specific user, for example `foo` then change the literal string `<user>` by `foo`, or in some cases if need to restrict to only root, user `root` instead `<user>`. |
|||
# Create a PAM file `/etc/pam.d/firefox` |
|||
<pre><nowiki> |
|||
#%PAM-1.0 |
|||
auth sufficient pam_rootok.so |
|||
auth sufficient pam_timestamp.so |
|||
auth include system-auth |
|||
account required pam_permit.so |
|||
session required pam_permit.so |
|||
session optional pam_xauth.so |
|||
session optional pam_timestamp.so |
|||
</nowiki></pre> |
|||
# Create the Desktop launcher `~/Desktop/firefox.desktop` |
|||
<pre><nowiki> |
|||
[Desktop Entry] |
|||
Encoding=UTF-8 |
|||
Version=1.0 |
|||
Type=Application |
|||
Terminal=false |
|||
Name[en_US]=Firefox |
|||
Exec=/usr/bin/firefox |
|||
Comment[en_US]=Launch Firefox |
|||
Icon[en_US]=/usr/share/pixmaps/firefox.xpm |
|||
Name=Firefox |
|||
Comment=Launch Firerox |
|||
Icon=/usr/share/pixmaps/firefox.xpm |
|||
</nowiki></pre> |
|||
The `png` icon under `/usr/share/pixmaps` is too big, so you might want to link the small one from firefox installation to the icon folder. |
|||
<pre><nowiki> |
|||
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm |
|||
</nowiki></pre> |
|||
== How to setup ssh authentication and an ldap client == |
|||
On CentOS run the following command |
|||
<pre><nowiki> |
|||
authconfig --enableldap --enableldapauth --disablenis --enablecache \ |
|||
--ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \ |
|||
--updateall |
|||
</nowiki></pre> |
|||
Latest revision as of 17:24, 9 June 2015
Redirect to:
