Hi After a lot of rtfm, I have found an answer. So for the benefit of future googlers I am replying to my own thread. The two important lines are: account [success=1] pam_access.so account optional pam_echo.so You do not have the correct group membership to access this machine This line basically says that if the exit code of the pam_access module is "success" then skip the next line and continue with the normal procedure. If pam_access denies you access the exit code will be PAM_PERM_DENIED and the next line will be the error message which will be shown. Regards > -----Original Message----- > From: pam-list-bounces@xxxxxxxxxx [mailto:pam-list- > bounces@xxxxxxxxxx] On Behalf Of Gerrard Geldenhuis > Sent: 05 January 2011 10:34 > To: pam-list@xxxxxxxxxx > Subject: Verbal Login Failure > > Hi > I am not sure if this is designed into PAM, but how can I feedback better to > users about why/where their login failed? > > I already here the voices about you not wanting to reveal that reason to the > users but I think I have a valid case: > We use access.conf and when a users is not allowed access the following > will happen: > users types in password > ssh session terminates > > This is not very intuitive and your first thought is that you have typed your > password wrong. If you could at least get a message to say access has been > denied for whatever reason that would be imminently more useful and > easier to debug for 1ste line support guys. > > Is there any way to achieve this? > > Regards > > ___________________________________________________________________ > _____ > In order to protect our email recipients, Betfair Group use SkyScan from > MessageLabs to scan all Incoming and Outgoing mail for viruses. > > ___________________________________________________________________ > _____ > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list ________________________________________________________________________ In order to protect our email recipients, Betfair Group use SkyScan from MessageLabs to scan all Incoming and Outgoing mail for viruses. ________________________________________________________________________ _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
