Sorry but I do not have a direct answer to your question, however it is my opinion that the use of pam_access doesn't make much sense for /etc/pam.d/crond. Cronjobs are for users which already have access whereas pam_access would be controlling who gained access in the first place. My suggestion is to completely remove that line from crond. -- Jon Miller On Wed, Dec 28, 2011 at 7:12 AM, ANIL KARADAĞ <anil.karadag@xxxxxxxxx> wrote: > Hi, > > > > > > I have a question about pam_access.so and need some suggestions. My problem > is if root password is expired, root’s cron job(s) can not be run. I found > two desing options; > > > 1 - root password is configured for non-expire > > > 2- /etc/pam.d/crond includes "account sufficient pam_access.so" > instead of "account required pam_access.so" > > > > [1] is OK but i want to select second with some restriction(s). "sufficient" > flag does not prevent unauthorized attempt so i don't want use second > exactly. > > > how to define "account required pam_access.so with disable_aging=ok" > > > > -- > Anıl KARADAĞ > http://anilkaradag.info/blog > > _______________________________________________ > Pam-list mailing list > Pam-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list