[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [pam_access.so] How to ignore account expiration error(s)



Hi Jon,

thanks for quickly reply. I tried your opinion but it does not provide my target. root password is expired and root's cron jobs is not run


/var/log/cron-->

2011-12-28T15:28:01.848488+02:00 crond[11683]: User account has expired
2011-12-28T15:28:01.848714+02:00 crond[11683]: CRON (root) ERROR: failed to open PAM security session: Success
2011-12-28T15:28:01.848745+02:00 crond[11683]: CRON (root) ERROR: cannot set security context


I think system-auth does not allow it. How to ignore account expiration ?

  

On Wed, Dec 28, 2011 at 2:39 PM, Jon Miller <jonebird gmail com> wrote:
Sorry but I do not have a direct answer to your question, however it
is my opinion that the use of pam_access doesn't make much sense for
/etc/pam.d/crond. Cronjobs are for users which already have access
whereas pam_access would be controlling who gained access in the first
place. My suggestion is to completely remove that line from crond.

-- Jon Miller

On Wed, Dec 28, 2011 at 7:12 AM, ANIL KARADAĞ <anil karadag gmail com> wrote:
> Hi,
>
>
>
>
>
> I have a question about pam_access.so and need some suggestions. My problem
> is if root password is expired, root’s cron job(s) can not be run. I found
> two desing options;
>
>
>     1 - root password is configured for non-expire
>
>
>     2- /etc/pam.d/crond includes "account    sufficient   pam_access.so"
> instead of "account    required   pam_access.so"
>
>
>
> [1] is OK but i want to select second with some restriction(s). "sufficient"
> flag does not prevent unauthorized attempt so i don't want use second
> exactly.
>
>
> how to define "account    required   pam_access.so with disable_aging=ok"
>
>
>
> --
> Anıl KARADAĞ
> http://anilkaradag.info/blog
>
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list

_______________________________________________
Pam-list mailing list
Pam-list redhat com
https://www.redhat.com/mailman/listinfo/pam-list



--
Anıl KARADAĞ
http://anilkaradag.info/blog

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]