Re: Linux locked accounts and PAM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Robert Wolf wrote:
> On Thu, 2 Oct 2008, Max Bowsher wrote:
> 
>> In particular, an account "locked" in this fashion becomes ineligible
>> for ssh logins by public key, as well as by password, when used in this
>> manner, when OpenSSH is not using PAM.
>>
>> I'd quite like to make use of this feature even when OpenSSH *is* using
>> PAM. Is there any existing way to configure PAM to respect this convention?
> 
> Hi Max,
> 
> could you look at pam_access module? Could this be for you good? You can 
> specify either simple users or groups of users allowed or disabled to access 
> pass PAM.


Thanks - pam_access is an excellent example of a module I could fairly
trivially modify to achieve the desired effect.

It's not suitable as is, because my desire is to replicate exactly the
semantics of the passwd file without PAM. This is for two reasons:

(1) I have a mix of old and new machines. It would be nice for the same
configuration style to be applicable to both.

(2) I find it appropriate to keep the user status in the existing
/etc/shadow, rather than creating a new config file.

Max.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux