Re: [] How to ignore account expiration error(s)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Hi Ben,

/etc/pam.d/crond includes the following lines;

account    sufficient
account    required
account    include    system-auth

crond with the above lines exits with an account expiration error if root password is expired. 

If crond uses "account    sufficient" instead of "account    required", root's jobs can be run. 

Does "sufficient" flag cause to access problem?  

On Wed, Dec 28, 2011 at 7:12 PM, ben <ben@xxxxxxxxxxxxxxxxxx> wrote:
On 12/28/2011 5:39 AM, Jon Miller wrote:
> Sorry but I do not have a direct answer to your question, however it
> is my opinion that the use of pam_access doesn't make much sense for
> /etc/pam.d/crond. Cronjobs are for users which already have access
> whereas pam_access would be controlling who gained access in the first
> place. My suggestion is to completely remove that line from crond.
> -- Jon Miller

I suspect that pam_access is used to deny expired users. you might look
at adding a root ok module first.

Ben Hildred
Applied Plastic Coatings, Inc.
5000 Tabor St.
Wheat Ridge, CO 80033
303 424 9200
F: 303 424 8800

Pam-list mailing list

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux