Questions tagged [authentication]
Use this tag for questions relating to authentication mechanism (i.e. proving to the system that you are you, using passwords, keycards etc.). In general don't use this and the security tag on the same question, unless it is about the security of the authentication process.
631 questions
2
votes
0
answers
25
views
Linux login and unlock screen by two passwords + face recognition
How to configure PAM to asks for password, and try recognize of face or input additional password.
I need to use sudo by face. Additional password is required to enhance security (nobody will run sudo ...
- 123
3
votes
1
answer
198
views
ssh client automatically reject unknown host key
Is there a way to do this? My web search didn't find one. I'm familiar with StrictHostKeyChecking but there doesn't appear to be an "automatically reject" option. I'm wanting to move to ...
- 123
0
votes
3
answers
569
views
What are the secure ways to use credentials in bash scripts?
I have a third-party service. Its API and credentials let me scrape service data on my local Linux machine. I want to use this API inside a bash script and launch it via cron, but I don't want to ...
- 75
1
vote
3
answers
143
views
Authenticate with a physical button
I have a Raspberry PI Pico laying around and I was thinking about creating a device that, when I need to authenticate myself on Linux, I could just click a button soldered to the Pico, which would ...
- 19
0
votes
1
answer
56
views
Pam with krb5: very strange local user login, krb5 user login, root..no
This is my pam.conf for Slackware 15.0
#%PAM-1.0
#
# Most of these PAM modules have man pages included, like
# pam_unix(8) for example.
#
##################
# Authentication #
##################
...
- 14.3k
0
votes
1
answer
91
views
changing password ldap_bind: Invalid credentials (49)
Information:
I installed ldap-utils and slapd, during installation of slapd, with ncurses dialog, I imported password of administrator.
Then I changed it via
ldapmodify -Q -Y EXTERNAL -H ldapi:/// &...
- 11.3k
2
votes
2
answers
359
views
How to achieve credential caching with run0 (as with sudo)?
sudo has the pleasant property of allowing one to cache credentials, i.e., if one is to execute multiple administrative commands in a row, there's less mistyping passwords.
Can the same be achieved ...
- 52.7k
1
vote
1
answer
171
views
Is there a better way to upload to a mounted SMB share without providing credentials again?
I have an SMB share mounted through nautilus. I am noticing that the gnome-screenshot tool seems to be able to access this mounted share automatically, as I do not get any password prompt when running ...
- 115
1
vote
0
answers
212
views
Why is the PAM configuration not working properly?
I attempted to edit the /etc/pam.d/su file to achieve the following:
When the current user is userX and executes su userM, no password is required. I used the following configuration:
auth [success=...
- 11
1
vote
0
answers
38
views
redhat idm delegation to another redhat idm server
I have a requirement about redhat idm managment delegation requirement
situation: we have a redhat idm server in one of our local domain and also have corporate redhat idm server in another domain. I ...
- 11
7
votes
1
answer
381
views
Would it be a bad idea to set sources.list and sources.list.d only root permissions?
I need to add an repository that requires OAuth 2.0 authentication so I've got to pass it an access token. One of idea is to write it as a query parameter or as Basic Auth password in /etc/apt/sources....
- 103
0
votes
0
answers
29
views
User "Unknown" dialog appears on my desktop
My MATE on arch has been running for four years without unusual problems. But today, restarting after a cold shutdown from the terminal, the desktop throws up a dialog titled "About Unknown"....
- 2,556
0
votes
0
answers
60
views
Tacacs+ server with IPv6 on Ubuntu
How to make Tacacs+ server to work with Ipv6 address on Ubuntu?
It works fine with Ipv4 address but authentication fails when using IPv6 tacacs+.
- 1
0
votes
0
answers
82
views
How can I prove a user is present?
For some actions, one needs to ensure a user is actually present. As an example, sudo requires you to type your password, a secret which is kept carefully by the OS. Thus, if sudo sees the correct ...
- 161
1
vote
1
answer
173
views
Are all packages necessarily reproducible on GUIX?
By default, what will happen if I try to install a package with GUIX and it's not bit-for-bit reproducible?
I'm very concerned about the state of package managers in 2024 (and the risks of supply ...
- 392
1
vote
1
answer
115
views
Check SHA256SUMS and exit non-zero on unexpected file (file not present in digest)
I'm trying to check the integrity of a set of downloaded files using sha256sum.
I cryptographically signed a digest file (named SHA256SUMS) with PGP. I create the file by recursively calculating the ...
- 392
0
votes
1
answer
225
views
Linux multi-server user access
Our organization has a private network of Linux servers. This network is air gapped from the internet and we have limited personal access to the network and servers.
Each server has a standard user ...
5
votes
1
answer
1k
views
/var/log/auth.log stops recording authentication errors
As the title says, /var/log/auth.log stops recording authentication errors. It all began with I accidentally deleting it. Then I created it using touch command and changed the owner:group to syslog:...
- 95
0
votes
1
answer
1k
views
Enable faillock on Debian 12
Can anyone tell my how to enable faillock on Debian 12?
I had a look to several tutorials but nothing worked for me.
This is what I get after installation - without comments.
/etc/pam.d/common-account
...
- 1,039
1
vote
0
answers
3k
views
PAM - Disabling "check pass; user unknown" syslog messages
TLDR: We use PAM with SSHD. CentOS and Ubuntu exist in the environment. For every SSHD failure of an unknown user, it creates two messages. One of the messages doesn't provide the unknown username and ...
2
votes
0
answers
72
views
How to skip further PAM checking when breaking from a command (SIGINT / ctrl+c)?
I have a custom PAM setting for sudo, to use Howdy, an application using face recognition for authentication.
My current /etc/pam.d/sudo looks like this:
#%PAM-1.0
auth sufficient pam_unix.so ...
- 449
0
votes
1
answer
162
views
I am trying to use the scp command to copy a directory from a local ubuntu machine to a remote ubuntu machine
The purpose of this script is to establish an SSH connection with a remote host and then use the scp command to copy the /home/desktop/Documents directory to the target directory /home/haca/desktop
...
12
votes
3
answers
4k
views
What program in Linux computes the hash of the input password when you log in?
If I understand authentication mechanism correctly, when we input the credentials in the login prompt, the hash of the password is computed and then that hash is compared with the hash stored ...
- 327
1
vote
1
answer
399
views
What is Integrated Windows Authentication and what does it mean for me?
I was looking through my Chromium browser settings and stumbled upon something called AuthServerAllowlist, which was set to the value https://*. Digging a little deeper, it looks like this is tied to ...
- 223
1
vote
1
answer
661
views
Error 0x80070035 browsing to samba share from Win2019 Server only
I have a samba v4.17.5 server working well, I can browse all of the shares from Win 10 clients. The clients and the samba host are members of a domain.
However, when I try to browse the samba server ...
- 1,993