I have the following lines in my file /etc/security/access.conf for the purpose of my testing.
- : bryan.harris.adm : ALL
- : ALL : ALL
When I place the following into /etc/pam.d/sshd I can prevent my login. The error is "pam_access(sshd:account): access denied for user `bryan.harris.adm' from" which looks like exactly what I want to see.
account required pam_access.so
When I place the following into /etc/pam.d/sshd I can once again login just fine and access.conf seems to be ignored.
account required pam_access.so listsep=,
The motivation is that I want to only allow the AD group "Linux Admins" (without quotes) to be able to login. So eventually I want to get a line like - : @Linux Admins : ALL into my /etc/security/access.conf file.
Can anyone explain how I can make this work properly? I doubt I can convince the Windows guys to not use spaces in their group names but I could try.
_______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list