Pam-list Digest, Vol 46, Issue 16

Andreas Schindler schindler at az1.de
Sun Dec 30 13:54:00 UTC 2007


pam-list-request at redhat.com wrote:
> Today's Topics:
>
>    1. the item ruser of pam_listfile.so can't work (liuruihong)
>   
>
> ------------------------------------------------------------------------
>
> Subject: the item ruser of pam_listfile.so can't work
> From: "liuruihong" <liuruihong at baidu.com>
> Date: Sat, 29 Dec 2007 12:04:19 +0800
> To: <pam-list at redhat.com>
>
> My /etc/pam.d/sshd on sz-ssl-test00.sz01:
>
> #%PAM-1.0
> auth       required     pam_listfile.so onerr=succeed item=ruser sense=allow file=/etc/test
> auth       required     pam_stack.so service=system-auth
> auth       required     pam_nologin.so
> account    required     pam_stack.so service=system-auth
> password   required     pam_stack.so service=system-auth
> session    required     pam_stack.so service=system-auth
> session    required     pam_loginuid.so
>
> There is only one user in /etc/test:
>
> lrh
>
> When I log in from remote using commands as follows:
>
> [lrh at test15 home]$ ssh liuruihong at sz-ssl-test00.sz01
> liuruihong at sz-ssl-test00.sz01's password:
> Permission denied, please try again.
> liuruihong at sz-ssl-test00.sz01's password:
> [lrh at test15 home]$
>
> I can't log in, why?
>
Liuruihong,

Please note: 'ruser' should be set to the user's name on the remote host
that issues the authentication sequence, in your case obviously 'lrh' at
host 'test15'. But this parameter is optional, in many cases it is left
unset.

IMHO what you should test via pam_listfile is 'user', not 'ruser'.
The 'user' token is the name you wish to authenticate against,
in other words: 'user' is the parameter which requires a matching password.

Additionally, please note that after all 'user' may not be the same as
the name of the account you're finally logged in to, which is e.g. in U*X
the passwd identity.

Regards
-- 
Dr.-Ing. Andreas Schindler

PDV Systeme AZ1 GmbH
Frankfurter Str. 141
63303 Dreieich

Telefon 06103-57187-21
Telefax 06103-373245

schindler at az1.de
www.az1.de

PDV Systeme AZ1 GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke,
Joachim Carle
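
Added example (not part of the original message and not PAM's own code): a simplified Python model of how pam_listfile combines item=, sense= and onerr=, run against the setup quoted in this thread. It assumes ruser is left unset for this login, as the reply says is common, and that an unset item never matches; the function names and sample inputs are constructed for illustration.

```python
# Simplified model of pam_listfile's decision (illustration only, not PAM source).
PAM_SUCCESS, PAM_AUTH_ERR = "PAM_SUCCESS", "PAM_AUTH_ERR"

def pam_listfile(items, item, sense, file_lines, onerr="fail"):
    """items: PAM items set by the application, e.g. {"user": ..., "ruser": ...}.
    file_lines: contents of file= as a list of lines, or None if unreadable."""
    if file_lines is None:
        # onerr= only decides what happens on errors such as an unreadable file.
        return PAM_SUCCESS if onerr == "succeed" else PAM_AUTH_ERR
    value = items.get(item)
    # Assumption of this model: an unset or empty item can never match a line.
    found = bool(value) and value in (line.strip() for line in file_lines)
    if sense == "allow":
        return PAM_SUCCESS if found else PAM_AUTH_ERR
    return PAM_AUTH_ERR if found else PAM_SUCCESS  # sense=deny

# Constructed inputs mirroring the thread.
ETC_TEST = ["lrh\n"]                 # /etc/test holds a single name
SSH_LOGIN = {"user": "liuruihong"}   # ruser left unset (assumed for this login)

def check(item, file_lines=ETC_TEST, items=SSH_LOGIN):
    """Evaluate the thread's rule (onerr=succeed, sense=allow) for one item=."""
    return pam_listfile(items, item, "allow", file_lines, onerr="succeed")

if __name__ == "__main__":
    print("item=ruser, ruser unset:          ", check("ruser"))
    print("item=user, file lists lrh:        ", check("user"))
    print("item=user, file lists liuruihong: ", check("user", ["liuruihong\n"]))
    print("item=ruser, file unreadable:      ", check("ruser", None))
```

In this model onerr=succeed does not rescue the login, because a non-matching item is not an error. With item=user the file has to list liuruihong, the name being authenticated, rather than lrh.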