What I do in these situations is manually do the "include" for system-auth and then remove the unnecessary lines. That is, keep your first two lines, then replace the third line with the "account" entries of system-auth. At that point you have an identical setup, but you can now try commenting out the pam_access account line without needing to affect any other pam files which may also include system-auth.

-- Jon Miller

On Thu, Dec 29, 2011 at 3:18 AM, ANIL KARADAĞ <anil.karadag@xxxxxxxxx> wrote:
> Hi Ben,
>
> /etc/pam.d/crond includes the following lines:
>
> account sufficient pam_rootok.so
> account required pam_access.so
> account include system-auth
>
> crond with the above lines exits with an account expiration error if root's
> password is expired.
>
> If crond uses "account sufficient pam_access.so" instead of "account
> required pam_access.so", root's jobs can be run.
>
> Does the "sufficient" flag cause an access problem?
>
> On Wed, Dec 28, 2011 at 7:12 PM, ben <ben@xxxxxxxxxxxxxxxxxx> wrote:
>>
>> On 12/28/2011 5:39 AM, Jon Miller wrote:
>> > Sorry but I do not have a direct answer to your question, however it
>> > is my opinion that the use of pam_access doesn't make much sense for
>> > /etc/pam.d/crond. Cronjobs are for users which already have access
>> > whereas pam_access would be controlling who gained access in the first
>> > place. My suggestion is to completely remove that line from crond.
>> >
>> > -- Jon Miller
>>
>> I suspect that pam_access is used to deny expired users. You might look
>> at adding a root ok module first.
>>
>> --
>> Ben Hildred
>> Estimator
>> Applied Plastic Coatings, Inc.
>> 5000 Tabor St.
>> Wheat Ridge, CO 80033
>> 303 424 9200
>> F: 303 424 8800
>> ben@xxxxxxxxxxxxxxxxxx
>> http://appliedplastic.com
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/pam-list
>
> --
> Anıl KARADAĞ
> http://anilkaradag.info/blog
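
The manual expansion described in the reply at the top of this thread, as an added Python example that is not part of the original messages: it inlines `account include system-auth` into the crond stack and then comments out the pam_access account line, leaving system-auth itself untouched. The system-auth contents and the function names are assumptions made for illustration; substitute your distribution's real file.

```python
# Constructed sample files. The crond lines are the ones quoted in the thread;
# the system-auth contents are an assumption, not taken from the thread.
PAM_FILES = {
    "crond": """\
account    sufficient pam_rootok.so
account    required   pam_access.so
account    include    system-auth
""",
    "system-auth": """\
auth       required   pam_env.so
auth       sufficient pam_unix.so nullok try_first_pass
account    required   pam_unix.so
account    sufficient pam_localuser.so
account    required   pam_permit.so
password   required   pam_deny.so
session    required   pam_unix.so
""",
}


def expand_includes(service, files, depth=0):
    """Return the service's lines with each 'include' replaced by the
    same-type lines of the included file, as Linux-PAM does when loading."""
    if depth > 8:
        raise ValueError("include nesting too deep (possible loop)")
    out = []
    for line in files[service].splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[1] == "include" and not fields[0].startswith("#"):
            mgmt = fields[0].lstrip("-")  # a leading '-' marks an optional module
            for sub in expand_includes(fields[2], files, depth + 1):
                sub_fields = sub.split()
                if sub_fields and sub_fields[0].lstrip("-") == mgmt:
                    out.append(sub)  # keep only lines of the including type
        else:
            out.append(line)
    return out


def comment_out(lines, mgmt, module):
    """Comment out lines of management type `mgmt` that call `module`."""
    def matches(f):
        return len(f) >= 3 and f[0].lstrip("-") == mgmt and f[2] == module
    return ["#" + l if matches(l.split()) else l for l in lines]


if __name__ == "__main__":
    expanded = expand_includes("crond", PAM_FILES)
    print("\n".join(comment_out(expanded, "account", "pam_access.so")))
```
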