Pam
From Bashlinux
How to launch an application from the Desktop with password protection
Assuming the application in question is Firefox, this works using bin and sbin pair assisted by consolehelper
that will verify the PAM restrictions. Note that every file created should match the name of the binary to be protected.
- Move binary file
mv /usr/bin/firefox /usr/sbin/firefox ln -s /usr/bin/consolehelper /usr/bin/firefox
- Create a security file /etc/security/console.apps/firefox and add the following lines:
USER=<user> PROGRAM=/usr/sbin/firefox SESSION=True
User
The line user should literally write as <user>, it will ask a password for the current user. If you need to run the application as specific user, for example foo then change the literal string <user> by foo, or in some cases if need to restrict to only root, user root instead <user>.
- Create a PAM file /etc/pam.d/firefox
#%PAM-1.0 auth sufficient pam_rootok.so auth sufficient pam_timestamp.so auth include system-auth account required pam_permit.so session required pam_permit.so session optional pam_xauth.so session optional pam_timestamp.so
- Create the Desktop launcher ~/Desktop/firefox.desktop
[Desktop Entry] Encoding=UTF-8 Version=1.0 Type=Application Terminal=false Name[en_US]=Firefox Exec=/usr/bin/firefox Comment[en_US]=Launch Firefox Icon[en_US]=/usr/share/pixmaps/firefox.xpm Name=Firefox Comment=Launch Firerox Icon=/usr/share/pixmaps/firefox.xpm
The png icon under /usr/share/pixmaps is too big, so you might want to link the small one from firefox installation to the icon folder.
ln -s /usr/lib/${FIREFOX}/icons/default.xpm /usr/share/pixmaps/firefox.xpm
How to setup ssh authentication and an ldap client
On CentOS run the following command
authconfig --enableldap --enableldapauth --disablenis --enablecache \ --ldapserver=ldap.bashlinux.com --ldapbasedn=dc=bashlinux,dc=com \ --updateall