On Thu, Jan 18, 2001 at 05:42:48PM +0100, Willy Weisz wrote: > Ben Collins wrote: > > > > On Thu, Jan 18, 2001 at 02:06:30AM +0100, Willy Weisz wrote: > > > no_login doesn't show the behaviour I would expect: > > > > > > 1. rsh , rlogin and login: > > > Even though the user is not allowed to login, he is requested to > > > enter his password again and > > > again, until a new login prompt appears that finally can be aborted > > > with <Ctrl-D> > > > > Make pam_nologin "requisite" instead of "required". > > I've done this already: The result is the same whether "requisite" or > "required" is used on the line "auth .. /lib/security/pam_nologin.so". requisite works for me. Maybe I have mine patched for that. I really need to check all my patches and forward them to Andrew anyway. > > > 2. ssh > > > The text of the file /etc/nologin is not displayed on the terminal, > > > and the user sees only > > > that he is not permitted to login. Here again the user is asked to > > > enter the password > > > 3 times before he gets the message "Unable to find an > > > authentication method", and > > > ssh returns. > > > > Use openssh, not ssh. > > My original e-mail said already: > "The configuration file is that of the OpenSSH 2.3.0p1 distribution. that > is installed. PAM is at version 0.72." Hmm, possibly another Debian specific patch I created. I know for sure this one went upstream, and later got accepted into the mainline. Not sure if it was yanked (like a lot of other useful PAM related patches in openssh). Ben -- -----------=======-=-======-=========-----------=====------------=-=------ / Ben Collins -- ...on that fantastic voyage... -- Debian GNU/Linux \ ` bcollins@debian.org -- bcollins@openldap.org -- bcollins@linux.com ' `---=========------=======-------------=-=-----=-===-======-------=--=---'
