recent update to pam causing non-root ssh logins to fail?
Tay, Gary
Gary_Tay at platts.com
Thu Nov 25 12:33:09 UTC 2004
Why don't you do a test without those changes in /etc/security/limits?
-----Original Message-----
From: pam-list-bounces at redhat.com on behalf of Robert P. J. Day
Sent: Thu 11/25/2004 8:20 PM
To: Pluggable Authentication Modules
Cc:
Subject: Re: recent update to pam causing non-root ssh logins to fail?
On Thu, 25 Nov 2004, Tomas Mraz wrote:
> On Thu, 2004-11-25 at 06:53 -0500, Robert P. J. Day wrote:
> > recently, my fedora core 2 system started rejecting ssh logins to my
> > non-root account on that system. if, from a remote system, i ssh to
> > root, no problem. if i ssh to my regular account, the connection is
> > closed.
> > account sufficient /lib/security/$ISA/pam_succeed_if.so uid < 100
> This isn't the culprit.
i'm willing to believe it's not the actual culprit but, as i read it
(not being a PAM expert), it certainly allows uid < 100 logins.
what seems to be missing is some additional rules that still allow uid
greater than 100 logins, right?
> > which clearly is what allows me to ssh in as root, but not as me.
> > should i simply change that value? or is there a cleaner way to
> > do this? thanks.
> Have you possibly changed something in /etc/security/limits.conf
> file recently? What is it's contents?
yes. i added some content to support oracle 10g. here are the
*total* non-commented contents of the limits.conf file:
* soft nproc 2047
* hard nproc 16384
* soft nofile 1024
* hard nofile 65536
it doesn't *look* like any of those should cause a problem. more
thoughts?
rday
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 5914 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pam-list/attachments/20041125/b6d1435d/attachment.bin>
More information about the Pam-list
mailing list