Problems with pam_nologin.so
Viswanath Kasi
viswanath.kvg at gmail.com
Thu May 6 13:16:08 UTC 2010
Hi! Michael
I made the following changes which worked for me on sshd service with out
changing system auth.
auth include system-auth
account [default=1 success=ignore] pam_succeed_if.so quiet user = <user>
account sufficient pam_permit.so
account required pam_nologin.so
account include system-auth
You can try this..!
Regards,
Viswanath
On Tue, May 4, 2010 at 12:16 AM, Hebenstreit, Michael <
michael.hebenstreit at intel.com> wrote:
> I'm sorry to hit the entire list with this question but after some hours
> research I'm still unable to find a solution to my problem. I need a way to
> allow certain users (eg the administrators) access to a system even when
> /etc/nologin is present. The orginal Redhat 5 config read like:
>
> auth include system-auth
> account required pam_nologin.so
> account include system-auth
> ....
>
> with system-auth containing
>
> ...
> account required pam_unix.so
> account sufficient pam_succeed_if.so uid < 500 quiet
> account required pam_permit.so
> ...
>
> My modification would be:
>
> #%PAM-1.0
> auth include system-auth
> account include system-auth
> account sufficient pam_listfile.so onerr=fail item=user sense=allow
> file=/etc/admins
> account required pam_nologin.so
> ....
>
> Which holes do I open by moving pam_nologin.so to the end of the stack? Are
> there better ways to reach my goal?
>
> thanks for any help
> Michael
>
>
> ------------------------------------------------------------------------
> Michael Hebenstreit Senior Cluster Architect
> Intel Corporation Software and Services Group/DRD
> 2800 N Center Dr, DP3-307 Tel.: +1 253 371 3144
> WA 98327, DuPont
> UNITED STATES E-mail: michael.hebenstreit at intel.com
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pam-list/attachments/20100506/b60f0ac8/attachment.htm>
More information about the Pam-list
mailing list