[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Account locking/unlocking



Hi there

> > add that users to a special group (suggestion: locked) 
> > and deny access for that group on your system services
> > (I think there is a pam_group module, need to check)
> > 
> > then usermod can change the users in and out of "locked"
> > what do you think, ppl?
> 
> It sounds interesting.  I'll have to look into this to see
> what it would take to create a system with this that works.

I checked pam_group and it is used for other thing. BTW pam_listfile
does what we want -- from 
http://www.redhat.com/linux-info/pam/docs/pam-6.html#ss6.10

onerr=succeed|fail; sense=allow|deny; file=filename; 
item=user|tty|rhost|ruser|group|shell apply=user|@group

| auth       required     /lib/security/pam_listfile.so \
|            onerr=fail item=remotehost sense=allow file=$HOME/user.permit

(there is no item=remotehost on the docs)

now is just discover the right parameters ...

!3runo



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []