> Under CentOS5, I used this configuration to restrict access to root only:
>
> # cat /etc/security/access.conf
> + : root : ALL
> - : ALL : ALL
> # cat /etc/pam.d/system-auth-ac
> ...
> account required pam_access.so
> account required pam_unix.so
> account sufficient pam_localuser.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
> ...
> #
Figured it out by reverse-engineering the changes made by system-config-authentication.
In addition to system-auth-ac, as a minimum, password-auth-ac needs the
same update. To make it complete, fingerprint-auth-ac and smartcard-auth-ac
need the additional line, too (not that they matter on the server hw here).
The state of PAM access is also recorded in /etc/sysconfig/authconfig
(USEPAMACCESS=yes/no), but this seems to serve as a reminder for
system-config-authentication more than actual system services configuration.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
