Comments:
<0> all my LINUX boxi here at home have the pam_userdb.so module.
<0> and plenty of other useful PAM modules.
<0> but the Solaris 10 box they set up at work has only a few .so files in /usr/lib/security
<0> All I need is ONE .so file I can use with something like a text file or some hash file.
<0> ..or some info on how to use one of the few existing .so files with something other than /etc/passwd (and how to admin the non /etc/passwd file).
<0> we eventually want the help desk to be able to admin the FTP users.
<0> with very limited access to the server.
<0> and ZERO understanding of UNIX.
<1> why not just find an FTP daemon that's chroot'able and dump a separate /etc/passwd in it... like, um ProFTPD
<2> wow, vsftpd really ****s
<0> it is supposed to be very secure.
<0> the guy who wrote it is a professional security researcher.
<2> wu's probably even secure these days
<0> I have vsftpd installed and running fine with local users.
<0> If I had the PAM setup from my RedHat box, I'd be done.
<0> yeah.. and wu is the default.
<0> this isn't logic, mind you.. it's corporate IT security.. complete with Sarbanes Oxley and routine internal and external audits. blah blah.
<0> I have a reputation for getting stuff done. sometimes it takes me a while and I have to bark up a lot of trees first, but other people are either too busy already or don't have the skills.
<3> I kinda hate sarbanes oxley
<0> kinda?
<0> I hate the piss out of them.
<0> Individually.
<2> clearly it's better to port code onto os's never intended to run it and introduce many unknown bugs and possible security exploits in order to force a solution to work in the name of "security" rather than to find a proper solution from the get-go
<0> Clearly.
<0> I was looking at ProFTP, but the 'pros' touted vsftpd.
<0> and it is great. I have it on my RedHat server.
<0> at home.
<0> I just had no idea that none of the stuff I need to do virtual users is there for me on the box at work.
<0> I'd expect these PAM modules to be all over the place and readily available for Solaris.
<0> not.
<0> or so it seems so far.
<2> and the irony is sun pretty much invented pam
<0> Indeed!
<0> that's what i don't get. Sun's own page on PAM is sparse to say the least.
<0> I am hoping to find the needle in the haystack or have enough dumb luck that I can get this module to compile.
<0> if I could find someone who already does this (PAM against a local file) who was willing to share with me.. (!)
<2> it'd be easier to setup an ldap server or something and just point the ftp server to that
<2> then setup some app to manipulate the data for the braindead users
<2> you could even point it to ad being the ms weenie you are
<3> well you could get srcs from opensolaris.org and whack about with that.
<0> it'll just be a set of shell scripts or perl that wraps calls to /bin/Apache2/htpasswd
<2> you could kerberize it all too
<0> I may even be able to manage a Windows GUI for the front end.
<3> kerberos ugh
<0> I can spell Kerberos.
<0> On a good day.
<0> I'm versed in (cough) Windows programming.
<0> ADSI, SSPI, etc.
<2> what do you think active directory uses?
<2> you dont even need to code anything
<0> I know that Redmond has 'embraced and extended' Kerberos for a lot of things, but I'm not up on it yet.
<2> there's kerberos pam modules bundled with solaris
<0> thing is.. this server is on the DMZ.
<3> 'embraced and extended' = "****ed up beyond contempt"
<0> there is no DC or ActiveDirectory.
<0> gentry - quite.
<0> it isn't even compliant in their implementation.
<0> MIT should sue them.
<3> yea, I know, which is why I classified it that way
<2> well keep playing the incredible machine from sierra... it might give you a few other ideas on how to do this
<0> incredible machine from sierra?
<0> good news..
<0> I'm reading some stuff (old stuff) that explicitly states that on Solaris 2.6 you had to have the full LINUX PAM libraries to compile PAM modules.
<4> fingd
<4> dongs
<5> <4> Now that blogshares is gone I seriously consider suicide at least once a day
<0> so it's a hint.
<0> SwK - do you know what a dong is?
<3> why not just get open sol src for pam and work with that?
<3> not like it's going to be hard to build them...
<0> too ignorant, gentry. I'm trying to keep it simple as much as I can.
<0> gentry - I did not install Solaris on this machine.
<0> One of the server ops guys did that.
<4> no but nuts on your chin means theres a **** in your mouth
<3> seems simpler than trying to work with some bastardized linux pam src.
<1> what kind of solaris box is it?
<2> one that's being run by a windows guy!
<0> SwK - the dong is the standard unit of currency in Vietnam.
<1> doh
<5> Excuse me Doctor, I think I know a little something about medicine.
<0> Sparc10 64-bit.
<6> use a newer version of solaris
<6> problem solved
<1> wtf is Sparc10?
<2> sun4m!
<1> heh
<6> do you bitch at microsoft for not supporting XYZ in NT 4.0 ?
<0> I honestly don't know about Sun stuff.
<0> the box is supposed to be a very new sparc system.
<0> and the OS is supposed to be latest.
<2> type uname -a and paste it to us
<3> yea
<6> Vortran, what exactly are you trying to do just auth solaris against AD ?
<0> lemme remote in to work..
<0> rbrown..
<2> rbrown: no he wants to auth it to a different text file through pam
<6> text file?
<0> no... auth vsftpd against a local file (not /etc/passwd).
<1> he needs pam_userdb.so
<6> Vortran, use proftpd
<0> I'd kill for it.
<0> or even more... pam_pwdfile.so
<6> you can have it auth against its own file db
<6> in like 2 simple directives
<6> **** vsftpd
<1> 23:10|<1> why not just find an FTP daemon that's chroot'able and dump a separate
<1> /etc/passwd in it... like, um ProFTPD
<3> we use proftpd in a sox env at work.
<3> on hpux...
<7> sox cox
<6> <6> you can have it auth against its own file db
<6> <6> in like 2 simple directives
<6> <6> **** vsftpd
<6> err
<6> http://www.proftpd.org/docs/directives/configuration_full.html#AUTHUSERFILE
<5> http://urlx.org/proftpd.org/63970
<1> ftp.bellsouth.net is running ProFTPD
<6> proftpd has been doing that for years
<0> I wouldn't know how to admin two /etc/passwd on the same box. I am FAR from an expert. All I know about 'chroot' is that it places the FTP user in their home dir appearing as /
<0> to them.
<2> omy
<6> Vortran, in proftpd its as simple as AuthUserFile /my/passwd/file
<6> just stick a hash in and be done with it
<0> rbrown - I won't discount that as an option.
<0> going with just local users is an option, too.
<2> well
<0> but I'm pretty stubborn sometimes and I know this is what my boss wants.
<2> it kinda serves the co right for making a windows admin/programmer try to solve problems far beyond his win32.dll world
<0> so I want to give it the old college try before I tell him it ain't happening.
<3> in the end what $boss wants is sox compliance.
<0> hehe
<0> I wanted a challenge.
<0> Looks like I got one!
<2> you dont even know what version of the OS you're running
<2> or the hardware you're on
<0> when I downloaded the source for Berkeley DB, I chose Solaris 10 for 64-bit sparc.
<0> lemme remote in..
<2> you know berkeleydb is on the companion cd for solaris 10, right?
<0> I don't have any of the Solaris CDs.
<2> so you didnt have to download it, it's already there
<2> you can download them all for the price of free!
<0> some guy in server ops at the data center has that.
<0> what is the uname arg?
<0> -S
<0> ?
<3> -a
<1> I love this ****: Immediate requirement for a Sun/Unix Administrator. Requirements: Windows 2000/2003
<3> ahaha
<0> SunOS ftp-server 5.10 Generic_118833-03 sun4u sparc SUNW,Sun-Fire-V240
<8> people still download source?