[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Seeking advice for auth required pam_deny.so

Hi List,


We currently have the following config in /etc/pam.d/system-auth on a RHEL 6.3 staging server:



# This file is auto-generated.

# User changes will be destroyed the next time authconfig is run.

auth        required      pam_env.so

#auth      sufficient    pam_fprintd.so

#auth      sufficient    pam_unix.so nullok try_first_pass

#auth      requisite     pam_succeed_if.so uid >= 500 quiet

#auth      required      pam_deny.so

auth        required      pam_faillock.so preauth audit silent deny=5

auth        [success=1 default=bad] pam_unix.so

auth        [default=die] pam_faillock.so authfail audit deny=5

auth        sufficient    pam_faillock.so authsucc audit deny=5

account  required      pam_unix.so

account  sufficient    pam_localuser.so

account  sufficient    pam_succeed_if.so uid < 500 quiet

account  required      pam_permit.so


After testing in our staging server, “su - root” and “sudo su – root” command are not working if "auth required pam_deny.so" is enable in /etc/pam.d/system-auth

Would like to check if there are any areas that might be misconfigure.





Keng Lim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]