Pam: Difference between revisions
From Bashlinux
Jump to navigationJump to search
Content deleted Content added
No edit summary |
Redirected page to PAM |
||
| Line 1: | Line 1: | ||
#REDIRECT [[PAM]] |
|||
__NOTOC__ |
|||
=== How to launch an application from the Desktop with password protection === |
|||
Assuming the application in question is <tt>Firefox</tt>, this works using <tt>bin</tt> and <tt>sbin</tt> pair assisted by <code>consolehelper</code> that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected. |
|||
* Move binary file |
|||
mv /usr/bin/firefox /usr/sbin/firefox |
|||
ln -s /usr/bin/consolehelper /usr/bin/firefox |
|||
* Create a security file <tt>/etc/security/console.apps/firefox</tt> and add the following lines: |
|||
USER=<user> |
|||
PROGRAM=/usr/sbin/firefox |
|||
SESSION=True |
|||
'''User'''<br> |
|||
The line user should literally write as <tt><user></tt>, it will ask a password for the current user. If you need to run the application as specific user, for example <tt>foo</tt> then change the literal string <tt><user></tt> by <tt>foo</tt>, or in some cases if need to restrict to only root, user <tt>root</tt> instead <tt><user></tt>. |
|||
* Create a PAM file <tt>/etc/pam.d/firefox</tt> |
|||
#%PAM-1.0 |
|||
auth sufficient pam_rootok.so |
|||
auth sufficient pam_timestamp.so |
|||
auth include system-auth |
|||
account required pam_permit.so |
|||
session required pam_permit.so |
|||
session optional pam_xauth.so |
|||
session optional pam_timestamp.so |
|||
* Create the Desktop launcher <tt>~/Desktop/firefox.desktop</tt> |
|||
[Desktop Entry] |
|||
Encoding=UTF-8 |
|||
Version=1.0 |
|||
Type=Application |
|||
Terminal=false |
|||
Name[en_US]=Firefox |
|||
Exec=/usr/bin/firefox |
|||
Comment[en_US]=Launch Firefox |
|||
Icon[en_US]=/usr/share/pixmaps/firefox.xpm |
|||
Name=Firefox |
|||
Comment=Launch Firerox |
|||
Icon=/usr/share/pixmaps/firefox.xpm |
|||
The <tt>png</tt> icon under <tt>/usr/share/pixmaps</tt> is too big, so you might want to link the small one from firefox installation to the icon folder. |
|||
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm |
|||
=== How to setup ssh authentication and an ldap client === |
|||
On CentOS run the following command |
|||
authconfig --enableldap --enableldapauth --disablenis --enablecache \ |
|||
--ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \ |
|||
--updateall |
|||
Latest revision as of 17:24, 9 June 2015
Redirect to:
