We currently have the following config in /etc/pam.d/system-auth on a RHEL 6.3 staging server:
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth required pam_env.so
#auth sufficient pam_fprintd.so
#auth sufficient pam_unix.so nullok try_first_pass
#auth requisite pam_succeed_if.so uid >= 500 quiet
#auth required pam_deny.so
auth required pam_faillock.so preauth audit silent deny=5
auth [success=1 default=bad] pam_unix.so
auth [default=die] pam_faillock.so authfail audit deny=5
auth sufficient pam_faillock.so authsucc audit deny=5
account required pam_unix.so
account sufficient pam_localuser.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
After testing on our staging server, the “su - root” and “sudo su - root” commands are not working if "auth required pam_deny.so" is enabled in /etc/pam.d/system-auth.
We would like to check if there are any areas that might be misconfigured.
Thanks.
Regards,
Keng Lim
_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list