/etc/pam.d/crond includes the following lines;
account sufficient pam_rootok.so
account required pam_access.so
account include system-auth
crond with the above lines exits with an account expiration error if root password is expired.
If crond uses "account sufficient pam_access.so" instead of "account required pam_access.so", root's jobs can be run.
Does "sufficient" flag cause to access problem?
On Wed, Dec 28, 2011 at 7:12 PM, ben <ben@xxxxxxxxxxxxxxxxxx> wrote:
On 12/28/2011 5:39 AM, Jon Miller wrote:I suspect that pam_access is used to deny expired users. you might look
> Sorry but I do not have a direct answer to your question, however it
> is my opinion that the use of pam_access doesn't make much sense for
> /etc/pam.d/crond. Cronjobs are for users which already have access
> whereas pam_access would be controlling who gained access in the first
> place. My suggestion is to completely remove that line from crond.
>
> -- Jon Miller
at adding a root ok module first.
--
Ben Hildred
Estimator
Applied Plastic Coatings, Inc.
5000 Tabor St.
Wheat Ridge, CO 80033
303 424 9200
F: 303 424 8800
ben@xxxxxxxxxxxxxxxxxx
http://appliedplastic.com
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
Anıl KARADAĞ
http://anilkaradag.info/blog
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
