pam_access: hostname vs. terminal

Hello!

I'd like to disable root logins from everywhere except /dev/tty2. That's 
why I added the following line to the /etc/security/access.conf file:

-:root:ALL EXCEPT tty2

But I've found that if I try to log in from another tty as a usual user 
while the network is under heavy load, then the pam_access module waits 
for a long time before giving me a shell prompt.

The PAM sources told me that this is because the module in question 
first compares the real tty name (tty1) with the one from access.conf 
(tty2), and if they aren't equal it tries to call the getaddrinfo() 
function, passing the 'tty1' value as a host name. So the delay appears 
because this function uses DNS (!) to find a host named tty1, which is 
slow in the case of heavy network load and useless in _this_ case.

Is there a way to reduce the latency?

Isn't it a security hole that the module cannot tell the difference 
between a terminal and a host name?

P.S. I use Linux-PAM-0.99.4.0.

-- 
Nothing but perfection
pv

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
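
The matching order described in the post, as an added example (not code from the original message or from Linux-PAM). It models only the origin field of the rule; fake_resolve() is a constructed stand-in for getaddrinfo() that counts calls instead of using DNS, and every name in it (struct origin, match_described, match_guarded, origin_field_applies, lookups_for) is hypothetical.

```c
#include <stdio.h>
#include <string.h>

struct origin { const char *name; int is_tty; };  /* where the login comes from */

static int lookups;  /* resolver calls made so far */

/* Constructed stand-in for getaddrinfo(): counts the call, finds no host. */
static int fake_resolve(const char *name) { (void)name; lookups++; return 0; }

/* Order described in the post: literal compare, then treat the name as a host. */
static int match_described(const char *tok, const struct origin *o) {
    if (strcmp(tok, "ALL") == 0 || strcmp(tok, o->name) == 0) return 1;
    return fake_resolve(o->name);
}

/* Guarded variant: a terminal name never reaches the resolver. */
static int match_guarded(const char *tok, const struct origin *o) {
    if (strcmp(tok, "ALL") == 0 || strcmp(tok, o->name) == 0) return 1;
    return o->is_tty ? 0 : fake_resolve(o->name);
}

typedef int (*matcher)(const char *, const struct origin *);

/* Evaluate an origin field such as "ALL EXCEPT tty2"; 1 means the rule applies. */
static int origin_field_applies(const char *field, const struct origin *o, matcher m) {
    char buf[128], *tok;
    int hit = 0, in_except = 0;
    strncpy(buf, field, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (tok = strtok(buf, " "); tok; tok = strtok(NULL, " ")) {
        if (strcmp(tok, "EXCEPT") == 0) { if (!hit) return 0; in_except = 1; continue; }
        if (in_except) { if (m(tok, o)) return 0; }   /* origin is exempted */
        else if (!hit && m(tok, o)) hit = 1;
    }
    return hit;
}

/* Resolver calls caused by one evaluation of the field for a login on `tty`. */
static int lookups_for(const char *field, const char *tty, matcher m) {
    struct origin o = { tty, 1 };
    lookups = 0;
    origin_field_applies(field, &o, m);
    return lookups;
}

int main(void) {
    int described = lookups_for("ALL EXCEPT tty2", "tty1", match_described);
    int guarded = lookups_for("ALL EXCEPT tty2", "tty1", match_guarded);
    printf("described: %d lookup(s), guarded: %d\n", described, guarded);
    return 0;
}
```

Both variants reach the same access decision for tty1 and tty2; they differ only in whether a terminal name is ever handed to the resolver.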