Re: [CentOS] pam_access not working?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi again,

Big thanks to Barry Brimer and Will McDonald for your suggestions!

I had big hopes for the "UsePAM yes" in sshd_config since I was not aware of that option, and it seemed like THE solution. However, tried it, restarted the sshd daemon but still the same, I can still log on. Totally strange.

Next I would like to consider Barry's suspicion that something is wrong with the order of statements in /etc/pam.d/system-auth. Here is my current file, I simply put the pam_access line just before he other "account" line:

#%PAM-1.0
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        required      /lib/security/$ISA/pam_deny.so

account     required      /lib/security/pam_access.so
account     required      /lib/security/$ISA/pam_unix.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok use_authtok md5 shadow nis
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     required      /lib/security/$ISA/pam_unix.so

... and, to be sure, system-auth is referenced within /etc/pam.d/sshd:

#%PAM-1.0
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    required     pam_loginuid.so

I hope you can spot something wrong in here :-) -- it all seems ok to me.

Cheers,
Morten

--
Morten Kjeldgaard, Asc. professor, Ph.D.
Department of Molecular Biology, Aarhus University
Gustav Wieds Vej 10 C, DK-8000 Aarhus C, Denmark
Lab +45 89425026 * Mobile +45 51860147 * Fax +45 86123178
Home +45 86188180 * http://www.bioxray.dk/~mok

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux