Problems with pam_nologin.so
Hebenstreit, Michael
michael.hebenstreit at intel.com
Mon May 3 18:46:16 UTC 2010
I'm sorry to hit the entire list with this question but after some hours research I'm still unable to find a solution to my problem. I need a way to allow certain users (eg the administrators) access to a system even when /etc/nologin is present. The orginal Redhat 5 config read like:
auth include system-auth
account required pam_nologin.so
account include system-auth
....
with system-auth containing
...
account required pam_unix.so
account sufficient pam_succeed_if.so uid < 500 quiet
account required pam_permit.so
...
My modification would be:
#%PAM-1.0
auth include system-auth
account include system-auth
account sufficient pam_listfile.so onerr=fail item=user sense=allow file=/etc/admins
account required pam_nologin.so
....
Which holes do I open by moving pam_nologin.so to the end of the stack? Are there better ways to reach my goal?
thanks for any help
Michael
------------------------------------------------------------------------
Michael Hebenstreit Senior Cluster Architect
Intel Corporation Software and Services Group/DRD
2800 N Center Dr, DP3-307 Tel.: +1 253 371 3144
WA 98327, DuPont
UNITED STATES E-mail: michael.hebenstreit at intel.com
More information about the Pam-list
mailing list