[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Account locking/unlocking

At the same time you can do account locking by creating a user.permits
file which is how I have done some things.

auth       required     /lib/security/pam_listfile.so \
                onerr=fail item=user sense=allow file=/etc/user.permit
auth       required     /lib/security/pam_nologin.so
auth       sufficient   /lib/security/pam_krb5.so
auth       required     /lib/security/pam_pwdb.so shadow nullok use_first_pass

A user needs to be in the user.permit file, or they are not allowed in.
You can reverse this feature around and have a user.deny file if you want

-Matt Drown     -- Privacy, Anonyminity, & Security -- DataHaven Project
 panzer@dhp.com -- Shell and Web accounts           -- http://www.dhp.com/ 

On Thu, 23 Jul 1998, Savochkin Andrey Vladimirovich wrote:

> I agree that it's better to use for account locking a different program
> rather than passwd. Passwd is mainly designed to allow users change their
> passwords and protect the change by a good authentication.
> Account locking is needed only for system administrators and requires
> no authentication.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []