答复: Pam-list Digest, Vol 46, Issue 16
liuruihong
liuruihong at baidu.com
Wed Jan 2 02:25:31 UTC 2008
I see ,thanks!
_____
发件人: pam-list-bounces at redhat.com [mailto:pam-list-bounces at redhat.com] 代表 Andreas Schindler
发送时间: 2007年12月30日 21:54
收件人: pam-list at redhat.com
主题: Re: Pam-list Digest, Vol 46, Issue 16
pam-list-request at redhat.com schrieb:
Send Pam-list mailing list submissions to
pam-list at redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/pam-list
or, via email, send a message with subject or body 'help' to
pam-list-request at redhat.com
You can reach the person managing the list at
pam-list-owner at redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pam-list digest..."
_____
Today's Topics:
1. the item ruser of pam_listfile.so cann`t work (liuruihong)
_____
Betreff:
the item ruser of pam_listfile.so cann`t work
Von:
"liuruihong" <mailto:liuruihong at baidu.com> <liuruihong at baidu.com>
Datum:
Sat, 29 Dec 2007 12:04:19 +0800
An:
<mailto:pam-list at redhat.com> <pam-list at redhat.com>
An:
<mailto:pam-list at redhat.com> <pam-list at redhat.com>
My /etc/pam.d/sshd on sz-ssl-test00.sz01:
#%PAM-1.0
auth required pam_listfile.so onerr=succeed item=ruser sense=allow file=/etc/test
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session required pam_loginuid.so
there are only one user in /etc/test:
lrh
when I login from remote using commands as fllows:
[lrh at test15 home]$ ssh liuruihong at sz-ssl-test00.sz01
liuruihong at sz-ssl-test00.sz01's password:
Permission denied, please try again.
liuruihong at sz-ssl-test00.sz01's password:
[lrh at test15 home]$
I cann`t login ,why?
_____
_______________________________________________
Pam-list mailing list
Pam-list at redhat.com
https://www.redhat.com/mailman/listinfo/pam-list
Liuruihong,
please note: 'ruser' should be set to the user's name on the remote host, that
issues the authentication sequence, in your case obviously 'lrh' at host 'test15'.
But this parameter is optional, in many cases it is left unset.
IMHO what you should test via pam_listfile is 'user', not 'ruser'.
The 'user' token is the name you whish to authenticate against,
in other words: 'user' is the parameter which requires a matching password.
Additionally, please note that after all 'user' may not be the same as the name
of the account you're finally logged in to, which is e.g. in U*X the passwd identity.
Regards
--
Dr.-Ing. Andreas Schindler
PDV Systeme AZ1 GmbH
Frankfurter Str. 141
63303 Dreieich
Telefon 06103-57187-21
Telefax 06103-373245
schindler at az1.de
www.az1.de
PDV Systeme AZ1 GmbH, Brandeniusstr. 3, 44265 Dortmund
HRB 11089 Amtsgericht Dortmund, Geschäftsführer : Klaus-Jürgen Koke, Joachim Carle
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20080102/d41654db/attachment.htm>
More information about the Pam-list
mailing list