[GLLUG] proftd and PAM

Melson, Paul PMelson@sequoianet.com
Mon, 29 Jul 2002 11:05:02 -0400

There are several PAM modules that are designed to work with Windows NT
(or any SMB domain controller.)  You can find them here at:
http://www.kernel.org/pub/linux/libs/pam/modules.html under the "Samba"
heading (no <#tag>, sorry!).  This page also has links to modules with
LDAP support, which could be used to authenticate to a Win2K ADC or
NetWare 5-6 server.

Hope that helps!


-----Original Message-----
From: Ex Fed [mailto:exfed@hotmail.com]
Sent: Monday, July 29, 2002 10:43 AM
To: Melson, Paul
Subject: RE: [GLLUG] proftd and PAM

Is there a module for PAM that would allow say a NT domain controller act
as a centralized password manager for a linux server.  When the password on
NT box was changed those changes were made automatically to the linux



>From: "Melson, Paul" <PMelson@sequoianet.com>
>To: "Ex Fed" <exfed@hotmail.com>, <linux-user@egr.msu.edu>
>Subject: RE: [GLLUG] proftd and PAM
>Date: Mon, 29 Jul 2002 09:30:23 -0400
>
>For all intents and purposes, this is no longer the case.  In older
>systems, the DES hashes were stored in the /etc/passwd file and were
>readable by any user on the system.  It used to be that any dunce with
>a copy of Crack could download this file and run a brute-force attack
>against it to identify passwords.
>
>In most modern UNIX systems (Linux and BSD very much included), shadow
>passwords are used.  The /etc/passwd file still contains the login,
>default shell, home directory, and GECOS info for all of your users, but
>the password hash is missing.  Instead, it's stored in a file
>(/etc/shadow) that is only readable by root.  If you can't read the
>hashes, you can't crack them.  If you're already root, you don't need to
>crack them.
>
>You can use PAM to enhance your password security in other ways.
>You can use the pam_cracklib or pam_pwdb module to enforce password
>standards and prevent users from choosing weak passwords.  PAM has lots
>of other modules that can be used to increase user/login security.
>
>Of course, if it's a larger environment (say, NDS or AD), you can use
>PAM to authenticate your users to the directory via LDAP or RADIUS and
>let the directory manage your password policies for your Linux systems
>as well.
>
>-----Original Message-----
>From: Ex Fed [mailto:exfed@hotmail.com]
>Sent: Monday, July 29, 2002 8:54 AM
>To: linux-user@egr.msu.edu
>Subject: [GLLUG] proftd and PAM
>From what I understand, given the contents of /etc/passwords, it is
>for an individual to use this information, along with crypt and a
>or a brute force attempt to figure out what are your passwords.
>Does PAM provide us with greater security (does it still use
>or shadow passwords, and is it easy to configure with most software
>supports it?
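The shadow-password arrangement described in the quoted reply can be checked on a host. The script below is an added example, not part of the original thread: it flags /etc/passwd entries that still carry a hash or an empty password field, and checks who can read /etc/shadow. The function names and the sample entries (including the hash-like string) are constructed for illustration.

```python
import os
import stat

# Constructed sample in /etc/passwd format:
# login:password:UID:GID:GECOS:home:shell
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice Example:/home/alice:/bin/bash
legacy:abJnggxhB/yWI:1001:1001:Old account:/home/legacy:/bin/sh
nopass::1002:1002:Empty field:/home/nopass:/bin/sh
locked:*:1003:1003:Locked:/home/locked:/bin/false
"""

def audit_passwd(text):
    """Return {login: finding} for entries whose password is not shadowed."""
    findings = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings[fields[0]] = "malformed entry"
            continue
        login, pw = fields[0], fields[1]
        if pw == "":
            findings[login] = "empty password field"
        elif pw != "x" and not pw.startswith(("*", "!")):
            # Anything else is a hash that every local user can read.
            findings[login] = "hash stored in world-readable passwd"
    return findings

def shadow_perms_ok(mode, uid):
    """True if owned by root, no access for 'other', no group write."""
    return uid == 0 and not mode & (stat.S_IRWXO | stat.S_IWGRP)

def audit_system(passwd="/etc/passwd", shadow="/etc/shadow"):
    """Run both checks against the live files (needs read access to passwd)."""
    with open(passwd) as fh:
        findings = audit_passwd(fh.read())
    st = os.stat(shadow)
    mode = stat.S_IMODE(st.st_mode)
    if not shadow_perms_ok(mode, st.st_uid):
        findings[shadow] = "mode %o, owner uid %d" % (mode, st.st_uid)
    return findings

if __name__ == "__main__":
    for name, issue in sorted(audit_passwd(SAMPLE_PASSWD).items()):
        print(name, "->", issue)
```

Group read on /etc/shadow is accepted because some distributions give a dedicated group read access to the file; tighten shadow_perms_ok if your policy is root-only.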