Bypassing PAM modules for particular groups in Linux (mdnteo)
Vasudeva R
rachamad at gmail.com
Tue Apr 15 15:27:32 UTC 2008
Thank you. I have tested by using the following line in system-auth file
account sufficient /lib/security/$ISA/pam_succeed_if.so user ingroup
testadm debug
After adding the above mentioned line, i am able to bypass only pam_tally.so
module (account lock out parameter) for the users who are in testadm.
Now i wanted to configure following settings as well.
1. adding multiple groups in above line (pam_succeed_if.so)
2. bypassing other pam modules like pam_cracklib.so and so on.
Thanks
Vasu
> To: "Pluggable Authentication Modules" <pam-list at redhat.com>
> Date: Mon, 14 Apr 2008 22:31:49 +0200
> Subject: Re: Bypassing PAM modules for particular groups in Linux
> It should work with pam_succeed_if, you can check the manual for full
> details.
>
> I.E.
> account required pam_succeed_if.so uid>=200 shell=bash
>
> *field < number* Field has a value numerically less than number. *field <=
> number* Field has a value numerically less than or equal to number. *field
> eq number* Field has a value numerically less equal to number. *field >=
> number* Field has a value numerically greater than or equal to number. *field
> > number* Field has a value numerically greater than number. *field ne
> number* Field has a value numerically different from number. *field =
> string* Field exactly matches the given string. *field != string* Field
> does not match the given string. *field =~ glob* Field matches the given
> glob. *field !~ glob* Field does not match the given glob. *field in
> item:item:...* Field is contained in the list of items separated by
> colons. *field notin item:item:...* Field is not contained in the list of
> items separated by colons. *user ingroup group* User is in given group. *user
> notingroup group* User is not in given group. *user innetgr netgroup* (user,host)
> is in given netgroup. *user notinnetgr group* (user,host) is not in given
> netgroup.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080415/833b320a/attachment.htm>
More information about the Pam-list
mailing list