Seeking advice for auth required pam_deny.so

[Ng Keng Lim <kenglim.ng@xxxxxxxxxxx>]

Hi List,

 

We currently have the following config in /etc/pam.d/system-auth on a RHEL 6.3 staging server:

 

#%PAM-1.0

# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth        required      pam_env.so

#auth      sufficient    pam_fprintd.so

#auth      sufficient    pam_unix.so nullok try_first_pass

#auth      requisite     pam_succeed_if.so uid >= 500 quiet

#auth      required      pam_deny.so

auth        required      pam_faillock.so preauth audit silent deny=5

auth        [success=1 default=bad] pam_unix.so

auth        [default=die] pam_faillock.so authfail audit deny=5

auth        sufficient    pam_faillock.so authsucc audit deny=5

account  required      pam_unix.so

account  sufficient    pam_localuser.so

account  sufficient    pam_succeed_if.so uid < 500 quiet

account  required      pam_permit.so

 

After testing in our staging server, “su - root” and “sudo su – root” command are not working if "auth required pam_deny.so" is enable in /etc/pam.d/system-auth

Would like to check if there are any areas that might be misconfigure.

 

Thanks.

 

Regards,

Keng Lim

 

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list