Seeking advice for auth required pam_deny.so

Ng Keng Lim kenglim.ng at starhub.com
Wed May 2 21:07:30 UTC 2018


Hi List,

We currently have the following config in /etc/pam.d/system-auth on a RHEL 6.3 staging server:

#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        required      pam_env.so
#auth      sufficient    pam_fprintd.so
#auth      sufficient    pam_unix.so nullok try_first_pass
#auth      requisite     pam_succeed_if.so uid >= 500 quiet
#auth      required      pam_deny.so
auth        required      pam_faillock.so preauth audit silent deny=5
auth        [success=1 default=bad] pam_unix.so
auth        [default=die] pam_faillock.so authfail audit deny=5
auth        sufficient    pam_faillock.so authsucc audit deny=5
account  required      pam_unix.so
account  sufficient    pam_localuser.so
account  sufficient    pam_succeed_if.so uid < 500 quiet
account  required      pam_permit.so

After testing in our staging server, the "su - root" and "sudo su - root" commands are not working if "auth required pam_deny.so" is enabled in /etc/pam.d/system-auth.
Would like to check if there are any areas that might be misconfigured.

Thanks.

Regards,
Keng Lim


