Re: CentOS6 and pam_access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



 
>  Under CentOS5, I used this configuration to restrict access to root only:
> 
> # cat /etc/security/access.conf
> + : root : ALL
> - : ALL : ALL
> # cat /etc/pam.d/system-auth-ac
> ...
> account     required      pam_access.so
> account     required      pam_unix.so
> account     sufficient    pam_localuser.so
> account     sufficient    pam_succeed_if.so uid < 500 quiet
> account     required      pam_permit.so
> ...
> # 
 
 Figured it out by reverse-engineering the changes made by system-config-authentication.

 In addition to system-auth-ac, as a minimum, password-auth-ac needs the
 same update. To make it complete, fingerprint-auth-ac and smartcard-auth-ac
 need the additional line, too (not that they matter on the server hw here).

 The state of PAM access is also recorded in /etc/sysconfig/authconfig
 (USEPAMACCESS=yes/no), but this seems to serve as a reminder for
 system-config-authentication more than actual system services configuration.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux