Thank you. I have tested by using the following line in system-auth file
account sufficient /lib/security/$ISA/pam_succeed_if.so user ingroup testadm debug
After adding the above mentioned line, I am able to bypass only pam_tally.so module (account lock out parameter) for the users who are in testadm.
Now I wanted to configure the following settings as well.
1. adding multiple groups in above line (pam_succeed_if.so)
2. bypassing other pam modules like pam_cracklib.so and so on.
Thanks
Vasu
To: "Pluggable Authentication Modules" <pam-list@xxxxxxxxxx>
Date: Mon, 14 Apr 2008 22:31:49 +0200
Subject: Re: Bypassing PAM modules for particular groups in Linux
It should work with pam_succeed_if, you can check the manual for full details.
I.E.
account required pam_succeed_if.so uid>=200 shell=bash
- field < number
    Field has a value numerically less than number.
- field <= number
    Field has a value numerically less than or equal to number.
- field eq number
    Field has a value numerically equal to number.
- field >= number
    Field has a value numerically greater than or equal to number.
- field > number
    Field has a value numerically greater than number.
- field ne number
    Field has a value numerically different from number.
- field = string
    Field exactly matches the given string.
- field != string
    Field does not match the given string.
- field =~ glob
    Field matches the given glob.
- field !~ glob
    Field does not match the given glob.
- field in item:item:...
    Field is contained in the list of items separated by colons.
- field notin item:item:...
    Field is not contained in the list of items separated by colons.
- user ingroup group
    User is in given group.
- user notingroup group
    User is not in given group.
- user innetgr netgroup
    (user,host) is in given netgroup.
- user notinnetgr group
    (user,host) is not in given netgroup.
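
Added example, not part of the thread and not Linux-PAM code: a small Python audit that shows which modules a "sufficient pam_succeed_if.so" rule short-circuits. It explains why the line tested above skips pam_tally.so but leaves pam_cracklib.so in force, and it shows that the account checks of pam_unix.so are skipped for the group as well. The sample file is constructed (only the pam_succeed_if line comes from the thread) and the function names are hypothetical.

```python
import re

# Constructed system-auth excerpt; only the pam_succeed_if line is from the thread.
SAMPLE = """\
auth     required   /lib/security/$ISA/pam_env.so
auth     sufficient /lib/security/$ISA/pam_unix.so
account  sufficient /lib/security/$ISA/pam_succeed_if.so user ingroup testadm debug
account  required   /lib/security/$ISA/pam_tally.so
account  required   /lib/security/$ISA/pam_unix.so
password requisite  /lib/security/$ISA/pam_cracklib.so retry=3
password sufficient /lib/security/$ISA/pam_unix.so
"""

# type, control (keyword or [bracketed] form), module path, arguments
LINE = re.compile(r"^(-?\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def parse(text):
    """Yield (type, control, module basename, args) for each rule line."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        m = LINE.match(line)
        if m:
            mtype, control, path, args = m.groups()
            yield mtype.lstrip("-"), control, path.rsplit("/", 1)[-1], args.strip()

def sufficient_bypasses(text):
    """For each 'sufficient pam_succeed_if.so' rule, list the later modules
    of the same type that are not run when its condition succeeds.
    Assumes no earlier 'required' module in that stack has failed; included
    files and bracketed controls such as [success=done] are not followed."""
    rules = list(parse(text))
    findings = []
    for i, (mtype, control, module, args) in enumerate(rules):
        if control == "sufficient" and module == "pam_succeed_if.so":
            # 'sufficient' ends only the stack of its own type (auth, account, ...)
            skipped = [m for t, _, m, _ in rules[i + 1:] if t == mtype]
            findings.append({"type": mtype, "condition": args, "skipped": skipped})
    return findings

if __name__ == "__main__":
    for f in sufficient_bypasses(SAMPLE):
        print(f"{f['type']}: when '{f['condition']}' succeeds, skipped: {f['skipped']}")
```

Run against a real /etc/pam.d file by passing its contents to sufficient_bypasses(); any module listed as skipped no longer applies to users who match the condition.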