How to use PAM authentication with local or LDAP credentials


Abdullah YILDIZ

Oct 11, 2025, 4:59:38 PM
to TigerVNC User Discussion/Support
Hi,

I installed TigerVNC server (version 1.14.1) on AlmaLinux OS 9 as instructed here.

After the installation, PAM configuration file tigervnc is available at /etc/pam.d/ with the following content:

#%PAM-1.0

# THIS IS AN EXAMPLE CONFIGURATION
# MODIFY AS NEEDED FOR YOUR DISTRIBUTION

# pam_selinux.so close should be the first session rule
-session   required     pam_selinux.so close
session    required     pam_loginuid.so
-session   required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
-session   optional     pam_systemd.so
session    required     pam_unix.so
-session   optional     pam_reauthorize.so prepare

I also copied the user VNC settings into ~/.vnc/config as follows:

session=xfce
plainusers=srv-admin
securitytypes=tlsplain
geometry=800x600
pam_service=tigervnc

However, using the local credentials of the srv-admin does not work. Could you please help me with this?

Regards,

Pierre Ossman

Oct 14, 2025, 6:47:33 AM
to Abdullah YILDIZ, TigerVNC User Discussion/Support
On 11/10/2025 22:59, Abdullah YILDIZ wrote:
>
> I also copied the user VNC settings into *~/.vnc/config* as follows:
>
> session=xfce
> plainusers=srv-admin
> securitytypes=tlsplain
> geometry=800x600
> pam_service=tigervnc
>
> However, using the local credentials of the srv-admin does not work. Could
> you please help me with this?
>

Using PAM for authentication is currently not terribly robust,
unfortunately. It often requires you to run the server as root. That is
definitely the case when using pam_unix, but may not be required when
using pam_sss.

The second issue here is that the PAM configuration you used was only
written with the goal of starting sessions. It lacks the necessary lines
for authentication.

I would recommend using something like "remote" as the PAM service name
instead.

Regards,
--
Pierre Ossman Software Development
Cendio AB https://cendio.com
Teknikringen 8 https://twitter.com/ThinLinc
583 30 Linköping https://facebook.com/ThinLinc
Phone: +46-13-214600

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
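
The point in the reply above, that the quoted /etc/pam.d/tigervnc only contains session rules, can be checked mechanically. The following is an added example, not code from the thread or from TigerVNC: it lists which PAM management groups a service file defines, following include/substack rules. The services example-login and example-common are constructed samples, not distribution files.

```python
import re

GROUPS = ("auth", "account", "password", "session")
# Optional "-" prefix, management group, control (plain or [bracketed]), module/target.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

# /etc/pam.d/tigervnc as quoted in the first post (explanatory comments dropped).
TIGERVNC = """\
#%PAM-1.0
-session   required     pam_selinux.so close
session    required     pam_loginuid.so
-session   required     pam_selinux.so open
session    required     pam_namespace.so
session    optional     pam_keyinit.so force revoke
session    required     pam_limits.so
-session   optional     pam_systemd.so
session    required     pam_unix.so
-session   optional     pam_reauthorize.so prepare
"""

# Constructed sample of a service that does define an auth stack.
SAMPLE = {
    "tigervnc": TIGERVNC,
    "example-login": "auth substack example-common\n"
                     "account include example-common\nsession required pam_unix.so\n",
    "example-common": "auth required pam_unix.so\naccount required pam_unix.so\n",
}

def modules(service, files, seen=frozenset()):
    """Return {group: [module, ...]}, following include/substack rules."""
    stacks = {g: [] for g in GROUPS}
    if service in seen or service not in files:  # cycle or unknown file
        return stacks
    for raw in files[service].replace("\\\n", " ").splitlines():
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group(1) not in GROUPS:
            continue
        group, control, target = m.groups()
        if control in ("include", "substack"):
            stacks[group] += modules(target, files, seen | {service})[group]
        else:
            stacks[group].append(target)
    return stacks

def defined_groups(service, files):
    """Management groups for which the service ends up with at least one module."""
    stacks = modules(service, files)
    return [g for g in GROUPS if stacks[g]]

if __name__ == "__main__":
    print(defined_groups("tigervnc", SAMPLE))  # no "auth" entry in the result
```

To check a real host, build the `files` dictionary from the contents of /etc/pam.d/ and pass the name given in pam_service.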

Abdullah YILDIZ

Oct 15, 2025, 4:29:33 AM
to TigerVNC User Discussion/Support
Hi,

Thank you for your feedback and support.

I updated the config file as follows; however, I am still not able to log in with my local credentials:

session=xfce
plainusers=srv-admin
securitytypes=tlsplain
geometry=800x600
pam_service=remote

I also disabled SELinux in case it blocks the PAM service.

Is there any other issue that could cause this?

Regards,