[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Account locking/unlocking



"Bruno Lopes F. Cabral" <bruno@openline.com.br> writes:
> 
> onerr=succeed|fail; sense=allow|deny; file=filename; 
> item=user|tty|rhost|ruser|group|shell apply=user|@group
...
> now is just discover the right parameters ...
> 

The following would not allow anyone who's username appeared in
/etc/locked to login, this is a pretty good way to do this, but not
the only one

 auth       required     /lib/security/pam_listfile.so \
            onerr=fail item=user sense=deny file=/etc/locked apply=user


If you wanted to lock out anyone in group "locked" you could use

auth        required     /lib/security/pam_wheel.so \
	    group=locked deny








[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []