Problems with pam_nologin.so

Viswanath Kasi viswanath.kvg at gmail.com
Thu May 6 13:16:08 UTC 2010


Hi! Michael

I made the following changes, which worked for me on the sshd service without
changing system auth.

auth       include      system-auth
account    [default=1 success=ignore] pam_succeed_if.so quiet user = <user>
account    sufficient   pam_permit.so
account    required     pam_nologin.so
account    include      system-auth

You can try this..!

Regards,

Viswanath


On Tue, May 4, 2010 at 12:16 AM, Hebenstreit, Michael <
michael.hebenstreit at intel.com> wrote:

> I'm sorry to hit the entire list with this question but after some hours
> research I'm still unable to find a solution to my problem. I need a way to
> allow certain users (eg the administrators) access to a system even when
> /etc/nologin is present. The original Redhat 5 config read like:
>
>  auth       include      system-auth
>  account    required     pam_nologin.so
>  account    include      system-auth
>  ....
>
> with system-auth containing
>
>  ...
>  account     required      pam_unix.so
>  account     sufficient    pam_succeed_if.so uid < 500 quiet
>  account     required      pam_permit.so
>  ...
>
> My modification would be:
>
>  #%PAM-1.0
>  auth       include      system-auth
>  account    include      system-auth
>  account    sufficient   pam_listfile.so onerr=fail item=user sense=allow file=/etc/admins
>  account    required     pam_nologin.so
>  ....
>
> Which holes do I open by moving pam_nologin.so to the end of the stack? Are
> there better ways to reach my goal?
>
> thanks for any help
> Michael
>
>
> ------------------------------------------------------------------------
> Michael Hebenstreit                 Senior Cluster Architect
> Intel Corporation                   Software and Services Group/DRD
> 2800 N Center Dr, DP3-307           Tel.:   +1 253 371 3144
> WA 98327, DuPont
> UNITED STATES                       E-mail: michael.hebenstreit at intel.com
>
> _______________________________________________
> Pam-list mailing list
> Pam-list at redhat.com
> https://www.redhat.com/mailman/listinfo/pam-list
>
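
An added illustration, not part of either message: a simplified Python model of how the control flags in the three account stacks above resolve when /etc/nologin exists, recording which modules actually run for each user. The users alice, bob and daemon, their UIDs, the modelled module outcomes and the inlining of "include" are assumptions; only the system-auth lines quoted in the thread are modelled.

```python
# Simplified model of Linux-PAM account-stack evaluation (not real PAM code).
# Module outcomes are modelled with /etc/nologin present; users are constructed.
ADMINS = {"alice"}                                   # stands in for /etc/admins and <user>
USERS = {"alice": 1001, "bob": 1002, "daemon": 2}    # constructed name -> uid

MODULES = {  # name -> predicate(user): True means the module returns PAM_SUCCESS
    "pam_unix": lambda u: True,                      # assumption: account not expired
    "pam_succeed_if uid<500": lambda u: USERS[u] < 500,
    "pam_succeed_if user=admin": lambda u: u in ADMINS,
    "pam_listfile /etc/admins": lambda u: u in ADMINS,
    "pam_permit": lambda u: True,
    "pam_nologin": lambda u: USERS[u] == 0,          # file exists: only root passes
}

# "include" is modelled by inlining the system-auth lines the thread shows.
SYSTEM_AUTH = [("required", "pam_unix"),
               ("sufficient", "pam_succeed_if uid<500"),
               ("required", "pam_permit")]

STACKS = {
    "redhat5": [("required", "pam_nologin")] + SYSTEM_AUTH,
    "michael": SYSTEM_AUTH + [("sufficient", "pam_listfile /etc/admins"),
                              ("required", "pam_nologin")],
    "viswanath": [("skip1_on_fail", "pam_succeed_if user=admin"),  # [default=1 success=ignore]
                  ("sufficient", "pam_permit"),
                  ("required", "pam_nologin")] + SYSTEM_AUTH,
}

def evaluate(stack_name, user):
    """Return (allowed, modules_run) for one user against one account stack."""
    failed, ran, skip = False, [], 0
    for control, name in STACKS[stack_name]:
        if skip:                             # module jumped over by a previous line
            skip -= 1
            continue
        ok = MODULES[name](user)
        ran.append(name)
        if control == "required":
            failed = failed or not ok        # failure is remembered, stack continues
        elif control == "sufficient":
            if ok and not failed:
                return True, ran             # "done": rest of the stack is skipped
        elif control == "skip1_on_fail" and not ok:
            skip = 1                         # the result itself does not count
    return not failed, ran

if __name__ == "__main__":
    for stack in STACKS:
        for user in USERS:
            allowed, ran = evaluate(stack, user)
            print(f"{stack:10} {user:7} {'ALLOW' if allowed else 'DENY':5} {ran}")
```

In this model the exempted user in the reply's stack returns at pam_permit before pam_unix runs, and in the quoted modification any uid < 500 account returns inside system-auth before pam_nologin is reached.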