Software Index
Linux Software Security Tools  

PAM Lockout Module

download download home home   report broken
important software information
company name:
Brian Weaver
license: Freeware
minimum requirements: No special requirements.
functional limitations:
PAM Lockout Module description


PAM Lockout Module is a PAM module is used to lockout users or groups from access to the machine. The module only supports authentication queries and the command line arguments are used to pass the users and groups.

A sample usage is for locking root out from remote access.

--------------- /etc/pam.d/sshd ---------
#%PAM-1.0
auth requisite /lib/security/pam_lockout.so user=root
auth required /lib/security/pam_stack.so service=system-auth
auth required /lib/security/pam_nologin.so
account required /lib/security/pam_stack.so service=system-auth
password required /lib/security/pam_stack.so service=system-auth
session required /lib/security/pam_stack.so service=system-auth
-----------------------------------------

The arguments to the module are in the form of 'user=' or 'group='. There MUST NOT be any spaces in the arguments for the module to work.

I placed the module at the head of the stack to prevent other PAM modules from being accessed by the locked out users. In order for the user or group lockout to work the username or group name should be available via the getpwnam(3) or getgrnam(3) functions.

User comarisions are done using the pw_uid field in the passwd structure. So any user with and id of zero would be locked out in the above example. Group comparisions are done via string compares of the inbound user and the names returned by getgrnam(3).. .



Similar software
PAM Sessionrun (Popularity: ) : PAM Sessionrun is a PAM module that can run a script on the start and stop of a PAM session.. andrew ruder :: index.
pam_tcb (Popularity: ) : pam_tcb is an alternative to shadow. The tcb package contains core components of our tcb suite implementing the alternative password shadowing scheme on Owl.

It is being made available separately from Owl primarily for use by other distributions. Note that you ...

pam_userpass (Popularity: ) : PAM has traditionally assumed that services doing authentication have the ability to interact with the user. Unfortunately, this isn't true for services that implement non-interactive and/or fixed protocols, such as FTP and POP3.

This is typically worked around by making the ...

passwdqc (Popularity: ) : pam_passwdqc is a simple password strength checking module for PAM-aware password changing programs, such as passwd.

In addition to checking regular passwords, it offers support for passphrases and can provide randomly generated ones. All features are optional and can be (re-)configured ...

Endian Firewall (Popularity: ) : Endian Firewall is a "turn-key" linux security distribution based on IPCop that turns every system into a full featured security appliance. Endian Firewall has been designed with "usability in mind" and is very easy to install, use and mange, without ...
Covert Channels Evaluation Framework (Popularity: ) : Covert Channels Evaluation Framework (CCHEF) is a software framework for empirically evaluating covert channels in network protocols running under Linux.

Using encryption is not sufficient to secure communication because the simple fact that communication exists is often enough to raise suspicion ...

Endian Firewall Community (Popularity: ) : Endian Firewall is a "turn-key" linux security distribution based on IPCop that turns every system into a full featured security appliance. Endian Firewall has been designed with "usability in mind" and is very easy to install, use and mange, without ...
pam_dotfile (Popularity: ) : pam_dotfileis a PAM module which allows users to have more than one password for a single account, each for a different service.

This is desirable because many users have objections to using the same password for (as an example) an IMAP4 ...

pam_unix2 (Popularity: ) : pam_unix2 PAM module is for traditional password authentication.

Here are some key features of "pam unix2":

? Allows global configuration file for all options
? Can get passwords from secure NIS+ servers
? Sets secureRPC credentials
? Supports HP-UX password aging.
? Support of passwords with ...

pam_eaccess (Popularity: ) : pam_eaccess is a PAM module which add a generic way to do authorization. Indeed, for each service (for which you want add authorization) you can define the list of users (or all) who are allowed to connect to this service.. ...
pam_unix2 (Popularity: ) : pam_unix2 PAM module is for traditional password authentication.

Here are some key features of "pam unix2":

? Allows global configuration file for all options
? Can get passwords from secure NIS+ servers
? Sets secureRPC credentials
? Supports HP-UX password aging.
? Support of passwords with ...

Puppy Linux (Popularity: ) : Puppy Linux is an evolutionary operating system, based on GNU Linux. What's different here is that Puppy is extraordinarily small, yet quite full featured. Puppy Linux can boot into a 64MB ramdisk, and that's it, the whole caboodle runs in ...
User reviews

Write a review:
1 2 3 4 5 6 7 8 9 10
1=poor 10=excellent
Write review*
Your name*
Email*
  (Comments are moderated, and will not appear on this site until the editor has approved them)
 
AD


Rate me
supported os's
stats
downloads 3
version 0.1
size in Kb 307
popularity   
844/1272475
user rating 0/10
our rating 0 Stars
share info
Recommend PAM Lockout Module
Report spyware
New Software
Popular Software
Latest Reviews