(no subject)
Rick Goyette
goyette at downbelow.pns.anl.gov
Tue Aug 24 19:19:17 UTC 2004
Found this in the pam_unix info:
Based on the following shadow elements: expire; last_change;
max_change; min_change; warn_change, this module performs the
task of establishing the status of the user's account and
password. In the case of the latter, it may offer advice to the
user on changing their password or, through the
PAM_AUTHTOKEN_REQD return, delay giving service to the user
until they have established a new password. The entries listed
above are documented in the GNU Libc info documents. Should the
user's record not contain one or more of these entries, the
corresponding shadow check is not performed.
which sounds like what I want to do: restrict login based on shadow
info. But I am not sure how to apply this. Any advice? I use the
shadow key word in systeh-auth already:
password sufficient /lib/security/$ISA/pam_unix.so nullok
use_authtok md5 shadow
but not for auth.
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
More information about the Pam-list
mailing list