[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [pam_access.so] How to ignore account expiration error(s)



What I do in these situations is manually do the "include" for
system-auth and then remove the unnecessary lines.
That is, keep your first two lines, then replace the third line with
the "account" entries of system-auth. At that point you have an
identical setup but you can now try commenting out the pam_access
account line without needing to affect any other pam files which may
also include system-auth.

-- Jon Miller

On Thu, Dec 29, 2011 at 3:18 AM, ANIL KARADAĞ <anil karadag gmail com> wrote:
> Hi Ben,
>
> /etc/pam.d/crond includes the following lines;
>
> account    sufficient  pam_rootok.so
> account    required   pam_access.so
> account    include    system-auth
>
> crond with the above lines exits with an account expiration error if root
> password is expired.
>
> If crond uses "account    sufficient   pam_access.so" instead of "account
>  required   pam_access.so", root's jobs can be run.
>
> Does "sufficient" flag cause to access problem?
>
>
>
> On Wed, Dec 28, 2011 at 7:12 PM, ben <ben appliedplastic com> wrote:
>>
>> On 12/28/2011 5:39 AM, Jon Miller wrote:
>> > Sorry but I do not have a direct answer to your question, however it
>> > is my opinion that the use of pam_access doesn't make much sense for
>> > /etc/pam.d/crond. Cronjobs are for users which already have access
>> > whereas pam_access would be controlling who gained access in the first
>> > place. My suggestion is to completely remove that line from crond.
>> >
>> > -- Jon Miller
>>
>> I suspect that pam_access is used to deny expired users. you might look
>> at adding a root ok module first.
>>
>> --
>> Ben Hildred
>> Estimator
>> Applied Plastic Coatings, Inc.
>> 5000 Tabor St.
>> Wheat Ridge, CO 80033
>> 303 424 9200
>> F: 303 424 8800
>> ben appliedplastic com
>> http://appliedplastic.com
>>
>> _______________________________________________
>> Pam-list mailing list
>> Pam-list redhat com
>> https://www.redhat.com/mailman/listinfo/pam-list
>
>
>
>
> --
> Anıl KARADAĞ
> http://anilkaradag.info/blog
>
> _______________________________________________
> Pam-list mailing list
> Pam-list redhat com
> https://www.redhat.com/mailman/listinfo/pam-list


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]