Re: Pam-list Digest, Vol 46, Issue 16

Andreas Schindler <schindler@xxxxxx> · Sun, 30 Dec 2007 14:54:00 +0100

pam-list-request@xxxxxxxxxx schrieb:

  Send Pam-list mailing list submissions to
	pam-list@xxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
	https://www.redhat.com/mailman/listinfo/pam-list
or, via email, send a message with subject or body 'help' to
	pam-list-request@xxxxxxxxxx

You can reach the person managing the list at
	pam-list-owner@xxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pam-list digest..."

Today's Topics:

   1. the item ruser of pam_listfile.so  cann`t work (liuruihong)

        Betreff:

the item ruser of pam_listfile.so cann`t work

        Von: 
"liuruihong" <liuruihong@xxxxxxxxx>

        Datum: 
Sat, 29 Dec 2007 12:04:19 +0800

        An: 
<pam-list@xxxxxxxxxx>

        An: 
<pam-list@xxxxxxxxxx>

  My
 /etc/pam.d/sshd on sz-ssl-test00.sz01:
  #%PAM-1.0
  auth      
required     pam_listfile.so  item=ruser
sense=allow file=/etc/test
  auth      
required     pam_stack.so service=system-auth
  auth      
required     pam_nologin.so
  account   
required     pam_stack.so
service=system-auth
  password  
required    
pam_stack.so service=system-auth
  session   
required     pam_stack.so service=system-auth
  session   
required     pam_loginuid.so
  there
are only one user in /etc/test:
  lrh

  when I login
from remote using commands as fllows:
  [lrh@test15
home]$ ssh liuruihong@xxxxxxxxxxxxxxxxxx
  liuruihong@xxxxxxxxxxxxxxxxxx's
password: 
  Permission
denied, please try again.
  liuruihong@xxxxxxxxxxxxxxxxxx's
password: 
  [lrh@test15
home]$

  I
cann`t login ,why? 

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

Liuruihong,

please note: 'ruser' should be set to the user's name on the remote
host, that

issues the authentication sequence, in your case obviously 'lrh' at
host 'test15'. 

But this parameter is optional, in many cases it is left unset.

IMHO what you should test via pam_listfile is 'user', not 'ruser'.

The 'user' token is the name you whish to authenticate against,

in other words: 'user' is the parameter which requires a matching
password.

Additionally, please note that after all 'user' may not be the same as
the name

of the account you're finally logged in to, which is e.g. in U*X the
passwd identity.

Regards

-- 

Dr.-Ing. Andreas Schindler

PDV Systeme AZ1 GmbH

Frankfurter Str. 141

63303 Dreieich

Telefon 06103-57187-21

Telefax 06103-373245

schindler@xxxxxx

www.az1.de

PDV Systeme AZ1 GmbH, Brandeniusstr. 3, 44265 Dortmund

HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen
Koke, Joachim Carle

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list