I'm sorry to hit the entire list with this question but after some hours research I'm still unable to find a solution to my problem. I need a way to allow certain users (eg the administrators) access to a system even when /etc/nologin is present. The orginal Redhat 5 config read like: auth include system-auth account required pam_nologin.so account include system-auth .... with system-auth containing ... account required pam_unix.so account sufficient pam_succeed_if.so uid < 500 quiet account required pam_permit.so ... My modification would be: #%PAM-1.0 auth include system-auth account include system-auth account sufficient pam_listfile.so onerr=fail item=user sense=allow file=/etc/admins account required pam_nologin.so .... Which holes do I open by moving pam_nologin.so to the end of the stack? Are there better ways to reach my goal? thanks for any help Michael ------------------------------------------------------------------------ Michael Hebenstreit Senior Cluster Architect Intel Corporation Software and Services Group/DRD 2800 N Center Dr, DP3-307 Tel.: +1 253 371 3144 WA 98327, DuPont UNITED STATES E-mail: michael.hebenstreit@xxxxxxxxx _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
