Re: webmin using pam (and ldap)
* Andreas Schuldei (andreas@schuldei.org) [040417 02:33]:
> my configuration changes are attached.
>
> some files seem to be modified by cfengine already. this might
> make things easier.
> auth sufficient pam_unix.so
> auth required pam_ldap.so use_first_pass
> account sufficient pam_unix.so
> account required pam_ldap.so
> session required pam_unix.so
> password required pam_unix.so nullok obscure min=4 max=8 md5
> diff -urbB etc/webmin/miniserv.conf /etc/webmin/miniserv.conf
> --- etc/webmin/miniserv.conf Wed Apr 9 05:43:40 2003
> +++ /etc/webmin/miniserv.conf Fri Apr 16 23:19:21 2004
> @@ -16,10 +16,12 @@
> keyfile=/etc/webmin/miniserv.pem
> blockhost_time=300
> no_pam=0
> +pam=webmin
> +unixauth=pam
> passdelay=1
> session=1
> blockhost_failures=3
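Review bot: `+pam=webmin` names a PAM service, but the six `auth`/`account`/`session`/`password` lines quoted above this diff carry no file header, so the patch never states that they are the contents of /etc/pam.d/webmin. Include that file with its own `---`/`+++` header so the service miniserv.conf refers to is created by the same change. Separately, `+unixauth=pam` reads like a mode switch while its value is a username, and no miniserv.users entry for a user named pam is visible here; add that entry to the patch or note next to the setting where it comes from.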
> diff -urbB etc/webmin/webmin.acl /etc/webmin/webmin.acl
two files are created/modified in webmin's postinstall:
miniserv.users is created from scratch with the root password
hash and can be replaced entirely with the miniserv.users file
attached. in this file and the webmin.acl file more users with
different roles (teachers, students, admins, jradmins) can be
added. the list in webmin.acl is the list of modules each of the
groups has access to, then.
the format of the miniserv.users file is username:x:0::
the x here indicates that pam is used.
in miniserv.conf there needs to be a pam=webmin entry. this
points to /etc/pam.d/webmin (aka the pam file to be used)
the unixauth=pam entry is only a pointer to some user using
unix authorisation (PAM in our case). it could be another
username (which should be in miniserv.users, too).
i hope i forgot nothing. (c:
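
Added example, not part of the original message or of Webmin: a small consistency check for the three pieces described above (the `pam=` service, the `unixauth=` user, and the `x` password field in miniserv.users). The function names, the sample file contents and the reading of `no_pam=1` as "PAM off" are assumptions made for illustration.

```python
# Added example: cross-check miniserv.conf, miniserv.users and /etc/pam.d.
# Sample contents are constructed; they are not the files from this thread.

def parse_conf(text):
    """Parse key=value lines of miniserv.conf into a dict."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def parse_users(text):
    """Map username -> password field from lines like username:x:0::"""
    users = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 2 and fields[0]:
            users[fields[0]] = fields[1]
    return users

def check(conf_text, users_text, pam_services):
    """Return a list of findings; an empty list means the pieces agree."""
    conf, users = parse_conf(conf_text), parse_users(users_text)
    findings = []
    if conf.get("no_pam", "0") == "1":  # assumption: 1 turns PAM off
        findings.append("no_pam=1, PAM is disabled")
    service = conf.get("pam")
    if not service:
        findings.append("no pam= entry in miniserv.conf")
    elif service not in pam_services:
        findings.append(f"/etc/pam.d/{service} does not exist")
    pointer = conf.get("unixauth")
    if pointer and pointer not in users:
        findings.append(f"unixauth user '{pointer}' missing from miniserv.users")
    for name, field in users.items():
        if field != "x":  # anything but x is a stored hash that bypasses PAM
            findings.append(f"user '{name}' does not authenticate via PAM")
    return findings

SAMPLE_CONF = "no_pam=0\npam=webmin\nunixauth=pam\npassdelay=1\n"
SAMPLE_USERS = "root:x:0::\nteacher1:x:0::\n"

if __name__ == "__main__":
    # On a real host, pass set(os.listdir("/etc/pam.d")) as pam_services.
    for finding in check(SAMPLE_CONF, SAMPLE_USERS, {"webmin", "login"}):
        print(finding)
```
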