On Thu, Dec 29, 2011 at 3:18 AM, ANIL KARADAĞ <anil karadag gmail com
> Hi Ben,
> /etc/pam.d/crond includes the following lines;
> account sufficient pam_rootok.so
> account required pam_access.so
> account include system-auth
> crond with the above lines exits with an account expiration error if root
> password is expired.
> If crond uses "account sufficient pam_access.so" instead of "account
> required pam_access.so", root's jobs can be run.
> Does "sufficient" flag cause to access problem?
> On Wed, Dec 28, 2011 at 7:12 PM, ben <ben appliedplastic com
>> On 12/28/2011 5:39 AM, Jon Miller wrote:
>> > Sorry but I do not have a direct answer to your question, however it
>> > is my opinion that the use of pam_access doesn't make much sense for
>> > /etc/pam.d/crond. Cronjobs are for users which already have access
>> > whereas pam_access would be controlling who gained access in the first
>> > place. My suggestion is to completely remove that line from crond.
>> > -- Jon Miller
>> I suspect that pam_access is used to deny expired users. you might look
>> at adding a root ok module first.
>> Ben Hildred
>> Applied Plastic Coatings, Inc.
>> 5000 Tabor St.
>> Wheat Ridge, CO 80033
>> 303 424 9200
>> F: 303 424 8800
>> ben appliedplastic com
>> Pam-list mailing list
>> Pam-list redhat com
> Anıl KARADAĞ
> Pam-list mailing list
> Pam-list redhat com
Pam-list mailing list
Pam-list redhat com