[Linux-cluster] Pam authentification

Gabe Turner gabe at msi.umn.edu
Wed Feb 15 14:53:29 UTC 2006

On Wed, Feb 15, 2006 at 03:37:30PM +0100, Anthony Assi wrote:
> Hi,
> i need to restrict access to some nodes of the cluster to all users 
> except Root and me,
> i tried the following Pam_access method
> **in /etc/security/access.conf :
> +:root myusername:ALL
> in /etc/pam.d/sshd or /etc/pam.d/login:
> account  required  pam_access.so
> and then did a:  /etc/init.d/sshd reload

I use access.conf, but not in as strict a way as above (typically, I want
to allow most users, but only allow root from one or two hosts).  However,
I've never had issues with it working.  You'll also probably want to add
LOCAL to the host field of the allow rule so that cron will be able to su.

Alternatively, until you can get access.conf working, you could use
AllowUsers and AllowGroups in sshd_config:

AllowUsers	root myusername
AllowGroups 	root mygroup

Gabe Turner                                             gabe at msi.umn.edu
UNIX Systems Administrator,
University of Minnesota Supercomputing Institute
 for Digital Simulation and Advanced Computation         www.msi.umn.edu

More information about the Linux-cluster mailing list