On 29/11/06, Morten Kjeldgaard <mok@xxxxxxxxxx> wrote:
Hi,
I am having a strange problem, where I cannot get pam_access to work as
intended. I have placed the following line in /etc/pam.d/system-auth
account required /lib/security/pam_access.so
Then, in /etc/security/access.conf, I have put the following line:
-:mok:10.14.44.104
I.e. I should prevent myself from logging on from host 10.14.44.104.
However, when I try to log on (using ssh) from the specified host, I get
in without a problem. There is nothing in the logs. It does not help
restarting sshd, or rebooting. It does not help putting "ALL" instead of
the IP number. I happily get in...
Is UsePAM set in your sshd_config ?
UsePAM Enables the Pluggable Authentication Module interface. If set
to "yes" this will enable PAM authentication using
ChallengeResponseAuthentication and PAM account and session mod-
ule processing for all authentication types.
Because PAM challenge-response authentication usually serves an
equivalent role to password authentication, you should disable
either PasswordAuthentication or
ChallengeResponseAuthentication.
If UsePAM is enabled, you will not be able to run sshd(8) as a
non-root user. The default is "no".
Will.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
