On Wed, Apr 28, 2004 at 01:29:43PM -0700, Yagi Angrypants wrote:

A while ago I had configured an RH box so that ssh
users had to have their account names entered into a
text file (in addition to the "usual" requirements) in
order to be able to ssh into a machine.
I can't remember how to do this now. I'd like to
configure a box I have now so that ssh and console
users need to have their accounts specifically
entered into additional text files to permit such
access. Can someone point me to a good link that
discusses modifying the PAM configuration to
accomplish this?

The easiest way to do this is via the sshd_config file that forces users
to be members of a group to allow the ssh login. man sshd_config and
search for AllowGroup

yes, that would work quite well, but doesn't deal with local logins.
PAM controls everything!!
(well, most things that require authentication, anyway)

Console users are handled via /etc/securetty I think.

/etc/securetty is just a list of terminals that the system considers 'secure'.
PAM will not allow root logins on a terminal not listed in that file.
(ie if you want to rescue over a serial console, better make sure that /dev/ttyS0 is listed!)

Stuart
--
Stuart Sears RHCE/RHCX
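
Added example, not part of the original thread: the per-service text-file allow-list asked about above is what the pam_listfile module provides, via a line such as `auth required pam_listfile.so item=user sense=allow file=/etc/ssh/allowed_users onerr=fail` in /etc/pam.d/sshd and /etc/pam.d/login. The shell functions below audit whether a PAM service file carries such a line and whether its list file is sane; the list path and the function names are assumptions.

```shell
#!/bin/sh
# Audit helper (added example): does a PAM service file enforce a user
# allow-list through pam_listfile, and is the list file itself trustworthy?

# listfile_path SERVICE_FILE
# Print the file= argument of the first active auth line of the form
#   auth required|requisite pam_listfile.so item=user sense=allow file=PATH
# Commented-out lines never match because their first field starts with '#'.
listfile_path() {
    awk '
        $1 == "auth" && ($2 == "required" || $2 == "requisite") &&
        $3 ~ /pam_listfile\.so$/ {
            user = 0; allow = 0; path = ""
            for (i = 4; i <= NF; i++) {
                if ($i == "item=user")   user = 1
                if ($i == "sense=allow") allow = 1
                if ($i ~ /^file=/)       path = substr($i, 6)
            }
            if (user && allow && path != "") { print path; exit }
        }' "$1"
}

# check_service SERVICE_FILE
# 0 = allow-list enforced and list file looks sane
# 1 = no pam_listfile allow-list line in this service
# 2 = list file missing, a symlink, not a regular file, or world-writable
check_service() {
    list=$(listfile_path "$1")
    [ -n "$list" ] || return 1
    [ ! -L "$list" ] && [ -f "$list" ] || return 2
    # 9th character of the mode string is the "other" write bit
    case "$(ls -ld -- "$list")" in
        ????????w*) return 2 ;;
    esac
    return 0
}

# user_listed LIST_FILE USER
# One account name per line; exact whole-line match only.
user_listed() { grep -qxF -- "$2" "$1"; }

# Stand-alone use: sh audit.sh /etc/pam.d/sshd /etc/pam.d/login
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        rc=0; check_service "$f" || rc=$?
        echo "$f: status $rc"
    done
fi
```

Status 1 for /etc/pam.d/login means console logins are not covered by the text file, which is the gap the AllowGroup approach leaves open.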